Inline hooks are outbound calls from Okta to your own custom code, triggered at specific points in Okta process flows. They allow you to integrate custom functionality into those flows.
You implement your custom code as a web service with an Internet-accessible endpoint. It's your responsibility to arrange hosting of your code on a system external to Okta. Okta defines the REST API contract for the requests it sends to your custom code, as well as for the responses your custom code can send back.
The outbound call from Okta is called a hook. Your code, which receives the call, is referred to as your external service.
Inline hooks use synchronous calls, which means that the Okta process that triggered the hook is paused until a response from your service is received.
Learn more about inline hooks.
Inline Hook Setup
Note: Only Super Admins can view and configure inline hooks.
After creating your external service, you need to tell Okta that it exists and enable it for a particular process flow.
- Select Workflow > Inline Hooks in the Okta AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. console.
- Click Add Inline Hook, and then select the type of hook.
- Define the following attributes:
- Name: a descriptive name for the inline hook
- URL: the external service's endpoint URL, to which the inline hook sends the request
- AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect. field: the name of the authorization header
- Authentication secret: the value string that corresponds to the field name
- Custom header fields: optional field name / value pairs to send with the request
- Click Save. The inline hook is now Active.
- Associate the endpoint with an Okta process flow. How to do this varies by inline hook type.
To delete an inline hook, first deactivate it.Top