From 4ef5604909bbb8ed8a78fc15fdc6ad1297829675 Mon Sep 17 00:00:00 2001
From: Sylvain Tormena
Date: Tue, 24 Feb 2026 11:45:18 +0100
Subject: [PATCH] feat: add get_app_user tool to retrieve user assignment for an application

Co-Authored-By: Claude Opus 4.6
---
 README.md | 1 +
 .../tools/applications/applications.py | 32 +++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/README.md b/README.md
index 821427c..df476fb 100644
--- a/README.md
+++ b/README.md
@@ -474,6 +474,7 @@ The Okta MCP Server provides the following tools for LLMs to interact with your
 | ----------------------------- | ------------------------------------------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `list_applications` | List all applications in your Okta organization | - `Show me the applications in my Okta org`
- `Find applications with 'API' in their name`
- `What SSO applications do we have configured?` |
 | `get_application` | Get detailed information about a specific app | - `Show me details for the Salesforce application`
- `What are the callback URLs for our mobile app?`
- `Get the client ID for our web application` |
+| `get_app_user` | Get a user's assignment and profile for an app | - `Show me the app user profile for john.doe in the Salesforce app`
- `What attributes are mapped for this user in our SSO app?`
- `Get the external ID for this user in the provisioning app` |
 | `create_application` | Create a new application | - `Create a new SAML application for our HR system`
- `Set up a new API service application`
- `Add a mobile app integration` |
 | `update_application` | Update an existing application | - `Update the callback URLs for our web app`
- `Change the logo for the Salesforce application`
- `Modify the SAML settings for our HR system` |
 | `delete_application` | Delete an application (requires confirmation) | - `Delete the old legacy application`
- `Remove the unused test application`
- `Clean up deprecated integrations` |
diff --git a/src/okta_mcp_server/tools/applications/applications.py b/src/okta_mcp_server/tools/applications/applications.py
index 80f4e34..69e3aef 100644
--- a/src/okta_mcp_server/tools/applications/applications.py
+++ b/src/okta_mcp_server/tools/applications/applications.py
@@ -123,6 +123,38 @@ async def get_application(ctx: Context, app_id: str, expand: Optional[str] = Non
 return {"error": str(e)}
 
 
+@mcp.tool()
+async def get_app_user(ctx: Context, app_id: str, user_id: str) -> Any:
+ """Get a user assignment for an application by app ID and user ID.
+
+ Parameters:
+ app_id (str, required): The ID of the application
+ user_id (str, required): The ID of the user
+
+ Returns:
+ Dictionary containing the app user profile and assignment details.
+ """
+ logger.info(f"Getting app user: app_id={app_id}, user_id={user_id}")
+
+ manager = ctx.request_context.lifespan_context.okta_auth_manager
+
+ try:
+ client = await get_okta_client(manager)
+ logger.debug(f"Calling Okta API to get app user {user_id} in app {app_id}")
+
+ app_user, _, err = await client.get_application_user(app_id, user_id)
+
+ if err:
+ logger.error(f"Okta API error while getting app user {user_id} in app {app_id}: {err}")
+ return {"error": str(err)}
+
+ logger.info(f"Successfully retrieved app user: {user_id} in app {app_id}")
+ return app_user
+ except Exception as e:
+ logger.error(f"Exception while getting app user {user_id} in app {app_id}: {type(e).__name__}: {e}")
+ return {"error": str(e)}
+
+
 @mcp.tool()
 async def create_application(ctx: Context, app_config: Dict[str, Any], activate: bool = True) -> Any:
 """Create a new application in the Okta organization.
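Review bot: `get_app_user` passes `app_id` and `user_id` to `client.get_application_user(...)` and into every log message without any validation, although both values are chosen by the model that calls the tool. If the SDK places them into the request path unencoded (not visible in this hunk), a value containing `/`, `?` or `..` could reach an Okta endpoint other than the one this tool is meant to expose, and a newline in either value would split the log record. I would reject anything that is not a plain identifier before the `try:` and switch the log calls to lazy `%r` arguments, as sketched below; the alphanumeric check assumes Okta IDs have no other characters, so relax it if this endpoint also accepts logins. Separately, `return app_user` hands the SDK object back whole while the docstring promises a dictionary, so it is worth confirming which fields actually reach the model.

```python
async def get_app_user(ctx: Context, app_id: str, user_id: str) -> Any:
    # … unchanged: docstring …
    for label, value in (("app_id", app_id), ("user_id", user_id)):
        # Reject anything that could alter the request path or split a log line.
        if not (value and value.isascii() and value.isalnum()):
            logger.warning("Rejected %s for get_app_user: %r", label, value)
            return {"error": f"Invalid {label}"}

    logger.info("Getting app user: app_id=%r, user_id=%r", app_id, user_id)
    # … unchanged: client lookup, API call and error handling …
```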