Event hooks are outbound calls from Okta that trigger process flows within your own software systems. They are sent when specific events occur in your orgThe Okta container that represents a real-world organization., and they deliver information about the event. Unlike inline hooks, event hooks are asynchronous and do not offer a way to execute the Okta process flow. After sending the call, the Okta process flow continues without waiting for a response from the called service.
To set up an event hook, you need to implement a web service with an Internet-accessible endpoint. It's your responsibility to arrange hosting of your code on a system external to Okta. Okta defines the REST API contract for the requests it sends to your custom code, as well as for the responses your custom code can send back.
Learn more about which events are eligible.
Add an event hook
Note: Only Super Admins can view and configure event hooks.
After creating your external service, you need to tell Okta that it exists and enable it for a particular process flow.
- In AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console, go to Workflow > Event Hooks.
- Click Add Event Hook.
Define the following attributes:
- Name: a descriptive name for the event hook
- URL: the external service's endpoint URL, to which the event hook sends the request
- AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect. field: the name of the authorization header
- Authentication secret: the value string that corresponds to the field name
- Custom header fields: optional field name / value pairs to send with the request
- Subscribe to events: the specific event types you want to use the event hook to deliver
- Click Save & Continue. The event hook is now Active.
Verify your endpoint
- In the Verify Endpoint Ownership window, click Verify.
- If Okta successfully verifies the endpoint, it is listed as Active on the Event Hooks page.
- In the Verify Endpoint Ownership window, click Do this later.
- When you are ready to verify the endpoint, navigate to Workflow > Event Hooks.
- Locate the hook that you want to verify, and then click its Actions menu. Note: By default, verified event hooks are listed first, but you can sort the table by status or name.
- In the Actions drop-down menu, select Verify.