Configure a connection

When you add a card to a flow, you need to select or create a connection to authenticate with that app or service. You can create connections at either the folder level or the org level.

After your remote account connection is configured, Okta saves your account information, so you can reuse the connection when you build other flows that use the same connector.

Folder-level connections can only be used by flows within the folder where they were created. Subfolders inherit connections from their root parent folder.

New connections

Org-level connections

You can create org-level connections for your flows using the Connections page of the Workflows console. Before you can use org-level connections in a folder, you must add them to it.

To set up a new org-level connection configuration, complete these steps:

  1. On the Connections page of the Workflows console, click New Connection.

  2. From the New Connection selector pop-up, click the icon that corresponds to the app or service you want to connect.

  3. Optional: Click Folder Access (optional) and select any folders you want to add the connection to. Connections can't be used until they are added to a folder.

Folder-level connections

Early Access release. See Enable self-service features.

You can create folder-level connections for your flows using the Flows page of the Workflows console. Folder-level connections can only be used by flows within the folder where they were created.

To set up a new folder-level connection configuration, complete these steps:

  1. In the Workflows Console, open the Flows page.

  2. Click the folder that you want to work in.

  3. Open the Connections tab and click New Connection.

  4. From the New Connection selector pop-up, click the icon that corresponds to the app or service you want to connect.

The next steps depend on how the connection is made to the external app or service.

OAuth 2.0 connections

This procedure covers setting up connections that use the OAuth 2.0 authorization protocol:

On the General tab, fill out the fields as follows:

  1. In the Name field, enter a unique name for this specific connection. This is useful if you have multiple accounts connecting to the same app or service.

  2. Add a helpful Description to detail any other information relevant to this connection. The description text appears on the Connections page of the Workflows console, along with the connection Name.

For an external app or service that uses OAuth 2.0 for connections, you can click the Permissions tab to review which particular scopes are requested for this connection.

Configurable scopes

In some newer external apps or services that use OAuth 2.0, you can choose or modify the requested scopes.

This is useful if you need to create multiple connections that call the same service, but need to specify different scopes.

For example, one connection to an email service might include the read-email scope for simple administration. A more advanced connection to the same service could also include the delete-email and send-email scopes.

On the Permissions tab:

  • Select Use default scopes to create the connection using the pre-defined scopes.

  • Select Customize scopes (advanced) to select individual scopes. You can't clear any required scopes.

    If you remove a scope that isn't marked as required, but is used by the connector, then your event and action cards may not function properly.

  • You can use the search field to type in part of the scope name and filter the list of individual scopes.

  • If supported by the connector, you can also manually add other scopes. Enter the scope names, either individually or as a list of space or comma-separated values, in the Manually add scopes field and click Add.

  • If the connector doesn't support adding other scopes, you can submit a request to add scopes to the connector through the Okta Ideas site.

Click Create to complete the configuration. If required, Okta prompts you to enter your sign-in credentials for the destination site.

Other authentication protocols

This procedure covers setting up connections that don't use the OAuth 2.0 authorization protocol:

  1. In the Name field, enter a unique name for this specific connection. This is useful if you have multiple accounts connecting to the same app or service.

  2. Add a helpful Description to detail any other information relevant to this connection. The description text appears on the Connections page of the Workflows console, along with the connection Name.

  3. If your connection requires any necessary credentials, enter these values in the additional fields. This may be a specific service domain, an API token, or a paired access key and secret. The security requirements depend on the external app or service.

  4. Click Create to complete the configuration. If required, Okta prompts you to enter your sign-in credentials for the destination site.

Existing connections

You can modify existing connections using the Connections page of the Workflows console.

  1. Click Open next to the connector that you want to update.

  2. Click the Actions dropdown menu and click the action you want to perform.

    • Edit details: Change the name or description.
    • Usage: See which flows are using a particular connection.
    • Reauthorize: If you update the password, API key, or another setting for an application, you need to reauthorize your application. Click the Reauthorize icon and follow the steps to update your connection. Be sure to reauthorize each connection to the same application.
    • Delete connection: Remove the connection. Any flows that use this connection must be updated to use a different connection. You can also click the delete icon next to a connection to remove it.

  3. Click Assign Folders to add an org-level connection to an existing folder. Click Create New Folder to assign the connection to a new folder. Org-level connections can be added to multiple folders.

For more details about managing existing connections, see Connections page.

Related topics

Connections