Add an inline hook

After creating your external service, you need to connect the external service with Okta and enable it for a particular process flow by adding an inline hook.

  1. In the Admin Console, go to Workflow > Inline Hooks.
  2. Click Add Inline Hook, and then select the type of inline hook:

    • Registration: customizes the handling of user registration requests in Self-Service Registration

      • Deprecation notice: This feature is being deprecated from the Okta Classic Engine. The functionality will be removed in a future release. For questions or concerns, contact your Customer Success Manager (CSM) or Okta Support.

    • SAML: customizes SAML assertions returned by Okta.

    • Token: customizes tokens returned by Okta API Access Management.

    • Password Import: verifies a user-supplied password to support migration of users to Okta.

    • User Import: customizes handling of new users who are imported into Okta from an application.

    • Telephony: use a telephony service provider to send SMS text messages or voice calls. See Customize your telephony service provider.

  3. Define the following attributes:

    • Name: a descriptive name for the inline hook.

    • URL: the external service's endpoint URL, to which the inline hook sends the request.

  4. Select the authentication type, and define the associated fields:

    • HTTP Headers

      • Authentication field: name of the authorization header.

      • Authentication secret: value string that corresponds to the Authentication field name.

    • OAuth 2.0 - Use client secret

      This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

      • Client Authentication. Select: Use client secret (client_secret_post). Uses the client ID and secret as parameters in the request body for authentication.

      • Client ID: a publicly exposed string provided by the service that is used to identify the OAuth application and build authorization URLs.

      • Client Secret: a private value provided by the service used to authenticate the identity of the application to the service.

      • Token URL: the URI where inline hooks can exchange an authorization code for access and refresh tokens. For example, /token.

      • Scope: the scope that allows you to perform the actions on the hook endpoint that you want to access.

    • OAuth 2.0 - Use private key

      This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

      • Client Authentication. Select: Use private key (private_key_jwt). Uses the private key to sign the JSON Web Token (JWT) and the public key to verify the client assertion for authentication.

      • Client ID: a publicly exposed string provided by the service that is used to identify the OAuth application and build authorization URLs.

      • Key: the public/private key pair used to verify token requests. See Manage keys.

      • Token URL: the URI where inline hooks can exchange an authorization code for access and refresh tokens. For example, /token.

      • Scope: the scope that allows you to perform the actions on the hook endpoint that you want to access.

  5. Optional. Custom Header fields: add a field name and value to send with the request.

  6. Click Save. The inline hook is now active.
  7. Associate the endpoint with an Okta process flow. This process varies by Inline Hook type.

Related topics

Preview an inline hook

View usage metrics for your inline hooks

Delete an inline hook