Okta Workflows - Preview release notes

Role-based access control

As Okta Workflows can make comprehensive changes both inside Okta and out to other connected SaaS apps, access to Workflows was previously restricted to Okta super admins. While this regulation enhanced the security of Okta Workflows, it limited the number of users, restricted the scalability of Okta Workflows, and reduced overall value to customers.

With role-based access control (RBAC), you can now assign Workflows privileges to more users without granting unnecessary access.

To support this feature, three new admin roles are available:

• Workflows Administrator: For full-access administration, within Okta Workflows only

• Workflows Auditor: For compliance management with read-only access

• Connection Manager: For securely handling accounts and credentials

RBAC allows customers to expand the use of Okta Workflows beyond super admins, enabling more team members to build, run, and manage Workflows securely and efficiently.

See Access Control.

There are four new event types that record the RBAC feature activity in the Okta System Log:

• workflows.user.role.user.add

• workflows.user.role.user.remove

• workflows.user.role.group.add

• workflows.user.role.group.remove

See the Event Types API.

Duplicate a folder

Currently, admins don't have a straightforward way of duplicating a folder inside Okta Workflows. The manual process of exporting a folder and importing it into a new folder results in a cumbersome user experience.

In this release, Okta introduces a new feature that enables duplication of any top-level folder or subfolder in an Okta Workflows org.

When you duplicate a folder, Okta copies the following flow elements into the new folder:

• Nested subfolders

• Flows, including the flow options, input fields, mappings, and connections

• Table metadata: columns, types, and descriptions

See Duplicate a folder.

Okta Devices event cards removed from the Okta connector

The following event cards are no longer available through the Okta connector:

• Authenticator Activated
• Authenticator Deactivated
• Device Activated
• Device Added to User
• Device Deactivated
• Device Deleted
• Device Enrolled
• Device Suspended
• Device Unsuspended
• Phone Verification Call Sent
• Phone Verification SMS Sent
• User MFA Factor Activated
• User MFA Factor Deactivated
• User MFA Factor Reset All
• User MFA Factor Suspended
• User MFA Factor Unsuspended
• User MFA

New flows should use the identical event cards from the Okta Devices connector. For existing flows, you must update your flows to use the equivalent Okta Devices card.

Zoho Mail connector

The Zoho Mail connector is now available in Okta Workflows with the following cards:

• Add Email Alias

• Add User to Organization

• Custom API Action

• Disable User Account

• Enable User Account

• List Users

• Read User

• Remove Email Alias

• Send Email

See Zoho Mail connector.

Limit increase for log streaming events

The monthly limit for Execution Log Streaming events has been increased from 10 million to 100 million events.

Usability improvements

This release updates the Execution History panel so that users can filter the range of displayed start and end times down to the minute. The date selection picker has also been updated.

The Usage dialog UI now includes indications for usage limits.

Order change for XML Build function

The assembled XML output from the XML Build function card is now sorted in lexicographical order rather than alphabetic order.

Workflows templates

The following Okta Workflows template is now available:

• Okta Identity Governance - Access Certification Campaign Examples

The following Okta Workflows templates have been updated:

• Yubico FIDO Pre-registration - updates the link to the setup instructions.

See Available Workflows templates.