Okta Workflows release notes (2023)


Personio connector now available

The Personio connector is now available in Okta Workflows with the following cards:

  • List Employees
  • Read Employee
  • Update Employee

See Personio connector.


The SmartHR connector is now available in Okta Workflows with the following cards:

  • List Business Establishments
  • List Custom Field Groups
  • List Custom Fields
  • List Departments
  • List Employment Types
  • List Job Titles
  • Read Employee
  • Search Employees
  • Update Employee

See SmartHR connector.

Workflows templates

The following Okta Workflows templates are now available:

  • Invalidate anomalous Slack sessions

  • Sync Okta group membership with Office 365 unified groups

  • Encourage stronger MFA adoption

  • Activate and deactivate accounts with notifications in Microsoft Teams

  • Use Okta Workflows for Pendo metadata sync

The following Okta Workflows templates have been updated:

  • Generate unique Okta username with user import inline hooks: update the template description.

  • Manage Okta group membership based on profile attributes: update the Pluck function card to use Profile.Name as the key name, instead of Name.

The following Okta Workflows templates are no longer available:

  • Generate unique Okta usernames

  • Modernize your access request management with Okta and Slack

See Available Workflows templates.

Fixes in Okta Workflows

  • OKTA-559391

    Updating a list with the Remove Duplicates function card removed all objects from the list.

  • OKTA-609720

    Updating a list with the Remove Duplicates function card failed if the list was composed of text or numbers.


UI enhancement for low-latency mode

In the Flow History view, cards now display an icon indicating whether the card ran in low-latency mode, along with the execution time for the card.

Admins can hover over the icon to see the reason why a card was removed from low-latency mode.

Kandji connector update

The Kandji connector for Okta Workflows has been updated with the following new cards:

  • Get ADE Integration
  • List ADE Integrations
  • List ADE Devices
  • Play Lost Mode Sound
  • Set Device Name
  • Turn Off Lost Mode
  • Turn On Lost Mode
  • Update Lost Mode Location

The List Devices card has been deprecated and replaced by a new card with the same name.

See Kandji connector.

Fixes in Okta Workflows

  • OKTA-490940

    When viewing the execution history of a flow, the full result history wasn't visible for a small subset of orgs.

  • OKTA-581499

    For a Workflows table with a Boolean (True/False) column where the default value is False, a row added through a Create Row card without a value set for that column had a value of null

  • OKTA-602989

    When creating a folder in the Workflows console, admins received an Invalid name supplied error if they used special characters in the folder name other than -, _, or &.

  • OKTA-604822

    If admins viewed a pop-up window for a card in the flow history view while an another flow completed in the background, the pop-up window automatically closed.

  • OKTA-606668

    The See all videos link on the Workflows console landing page pointed to a YouTube play list that didn't exist.


OIN Manager supports Connector Builder submissions

You can now publish Okta Workflows connectors that you create with the Workflows Connector Builder into the Okta Integration Network (OIN) catalog. Publishing a Workflows connector allows your customers to deeply integrate your product with all other connectors in the catalog. Submit your connector using the OIN Manager. See Submit an integration for Workflows connectors.

Okta connector update

The Okta connector for Workflows has been updated with the following new cards:

  • Group Push Failed

  • Activate Application

  • Deactivate Application

  • Delete Application

See Okta connector.



Fixes in Workflows Designer


Attempts to rename an Okta connector in Workflows failed if the connector pointed to an org on a custom domain.


When calling an If Error function card from a helper flow, some parent flows didn't correctly receive errors or results.


Secure Code Warrior

The Secure Code Warrior connector has been updated with the following card:

  • Disable User

See Secure Code Warrior connector.

New templates

The following Okta Workflows templates are now available:

  • Detect suspicious MFA push notifications

  • Monitor unsuccessful phishing attempts

See Available Workflows templates.



Fixes in Workflows Designer


Function cards that iterated through a list of items weren’t allowing dynamic inputs to be sent to a dynamic helper flow.


Shopify connector update

The Shopify connector has been updated to accommodate recent changes in the Shopify API. This connector change includes functional changes to Shopify action cards and means you must replace existing cards in your flows. See the Shopify Connector Migration Guide.

This change impacts the following cards:

See Shopify connector.

Fixes in Connectors


The Create Row and Update Row cards for the Google Sheets connector executed successfully, but no data was written if a spreadsheet column had a column header name that contained a period.


This update fixes two issues with the Jira connector:

  • Some events weren't triggered if you selected a specific project from the Projects dropdown menu. This occurred only with New Issue and Issue Updated event cards added after the 2023.03.1 release. To resolve these issues, you need to stop the flow and replace the card with the updated card.

  • Previously, you could use a reserved keyword inside quote marks for the Key input field on the Search Issues action card. This card now supports reserved keyword use without quote marks. If you used quote marks around reserved keywords, you must update this input field to prevent an error.


Connector Builder

Fixes in Connector Builder


The Deployments interface was missing the help icon for the relevant documentation.


New feedback mechanism for Flow Designer

The mechanism for submitting suggestions in the Flow Designer now follows a more streamlined process. If you want to suggest a new function, template, app connection, or app action, Flow Designer points you directly into the Okta Ideas site. Through the Ideas site, you can provide all the relevant details and it routes your suggestion to the appropriate Okta product team for evaluation.

As part of this enhancement, the Send Feedback option in the Help dropdown menu is now Send product feedback.

Fixes in Workflows Designer


When a Pendo Designer guide was displayed in Workflows, the radio buttons for poll choices didn’t appear for the user.


Fixes in Connectors


For an action card using the Stream All Records option, when an Custom API action card or API function card executed inside a helper flow, it returned null values for Status Code, Headers, and Body fields, rather than the actual response from the API call. This scenario applied only to connectors created using the latest version of Connector Builder.


When using the Create File Content card for the GitHub connector inside an Okta Workflows preview org, attempting to upload a file caused a FileLimitExceeded error.



Connector updates

Dropbox for Business

The Dropbox for Business connector has been enhanced with the addition of the following cards:

  • Add User to Group
  • Create Group
  • Delete Group
  • Read Group
  • Remove User from Group
  • List Group Members
  • List Groups
  • List Users
  • Update Group

Other enhancements to this connector:

  • The Get User card has been renamed as Read User. The Get User card remains functional in existing flows. However, when adding an instance of this card from within the Dropbox for Business connector, it appears as Read User.
  • The User ID field has been relabeled as ID for the following cards:
    • Read User

    • Remove User

    • Suspend User

    • Unsuspend User

    • Update User

See Dropbox for Business connector.



Fixes in Workflows Designer


Customers could delete all shared folders, instead of receiving an error message when attempting to remove the last shared folder.



Fixes in Workflows Designer


The Repeat function didn’t properly pass inputs to a helper flow. This fix won’t apply to existing cards, therefore users must recreate any Repeat cards that should pass input values to the helper flow.


New List - For Each dropdown options weren't properly populated.


Fixes in Connectors


When using the Search Issues card of the Jira connector, if the optional Project field contained a JQL reserved word, then the card returned an error message during flow execution.


On some Workflow orgs, a timeout issue interrupted notifications sent from a scheduled Office 365 Send Email card.


The Custom API Action (CAPIA) card now performs input validation for the Relative URL input field.

All newly added CAPIA cards will throw an error if the Relative URL API version is greater than 12 months old. This validation is performed at runtime every time the CAPIA is executed.

Including the API version in the Relative URL input field is optional. If the URL doesn't contain a designated API version, then the Shopify API will default to the oldest stable version of the API dynamically. If targeting a specific API version, it should be explicitly defined in the Relative URL.

See Shopify Custom API Action.


Connector Builder

Connector Builder is GA in Production

Customers want more out-of-the-box connectors for the Okta Workflows platform that support their identity use cases and improve their overall time-to-value.

Okta WorkflowsConnector Builder is a no-code development tool for third parties and customers to create connectors using the same drag-and-drop functionality they use when building flows.

The following features are available to build a connector:

  • Add connector branding

  • Define authentication

  • Build action cards, including a Custom API Action card

  • Deploy a new connector locally for internal use

  • Submit to Okta Integration Network for review and publication

Connector Builder gives customers faster access to more local connectors. Submitting new connectors helps the Okta Integration Network ecosystem to deliver more value to all Workflows users. See Workflows Connector Builder.

Improved connector deployment and submission interface

The user interface for deploying a connector created with the Okta WorkflowsConnector Builder has been streamlined for simplicity and ease of use. The submission process for submitting connectors to the Okta Integration Network has also been improved. See Connector Builder submissions.


Workflows folder enhancements

The usability of Workflows folders has been improved through the following changes:

  • You can now perform folder operations from an Actions menu inside the folder page.

  • You can add an optional description for a folder.

  • Additional usability improvements to both the sidebar menu and to folder operations dialogs.

Fixes in Workflows Designer


If the error handling for a card had the Run another flow option selected, but no flow was chosen for that card, then when executed, the flow would remain In Progress and wouldn't generate any flow history. To prevent this situation, Workflows cards now have new validation policies for error handling. See Repair an invalid flow.


Connector Builder

Fixes in Connector Builder


When using a dynamic group with the extensible group configuration, the input or output fields were incorrectly ordered in the preview and deployed card views. Also, the extensible configuration wasn't respected in deployed cards for output groups.


The helper text on the OAuth configuration screen was incorrect.


Fixes in Workflows Designer


For some Okta Workflows orgs that migrated to a new domain, System Log events weren't readily available.


Flows that used the Close function for an HTTP connection were incorrectly considered for low-latency mode.


Fixes in Connectors


The in-app help links for the Kandji connector were broken.


Connector Builder

Fixes in Connector Builder


When using dynamic input or output fields, the preview card validation incorrectly indicated that having empty fields or an empty number of fields was invalid.


If you had a valid helper flow and you changed to a helper flow that returned an empty output, or if the helper flow failed, then the preview output wasn't displayed correctly.


Fixes in Workflows Designer


The latency value for a flow was calculated separately for the parent and helper flows, rather than as an aggregated duration for the entire flow.


Sometimes connector cards and helper flows returned "null" instead of the generated text string value.


Sometimes when a flow used the If Error card and the flow returned an error, the Flow History showed a successful execution that changed to an error when you clicked the details.


Fixes in Connectors


In the Adobe User Management connector, the Client Secret and Private API fields were displayed in plain text instead of being hidden.


Connector Builder

Connector authentication enhancement

When creating a connection, the Base URL field for authentication is now optional. If the Base URL field is empty, the Authorize Path and Token Path fields need to be fully qualified URLs. If the Base URL is included, those two paths only need to be relative URLs. See Build authentication with OAuth 2.0.

Fixes in Connector Builder


When using dynamic fields with dynamic group properties, the extensible toggle value wasn't respected. As a result, the final group definition was set to extensible:true, while other groups were set to extensible:false.


Flow builder feature

Sidebar usability improvements

The Workflows Console has been enhanced to improve usability and functionality. You can now click and drag the folder panel width to improve visibility of folder names.

Improvement to flow search history

When searching flow history results, Workflows users can now access beyond the first 150 execution results. See Check Flow History.

Fixes in Workflows Designer


When renaming a folder, the sidebar navigation didn't automatically sort the new folder names in case-insensitive alphabetical order.


When a flow returned multiple pages of results in the flow history, sometimes the start and finish events were on separate pages, so the execution displayed as being still in progress.


Executions in the flow history sometimes didn't include a start time and duration.


Zoom connector updated

As of February 14, 2023, Zoom no longer accepts the access token, refresh token, or revoke token in the URL query parameters of an API request. The Zoom connector for Okta Workflows has been updated to version 1.0.60 to support these API changes. Replace any existing Zoom cards in your flows with the newer versions and re-authenticate your Zoom connection. See the Zoom release notes regarding this change.

Fixes in Connectors


The Delete Directory User card for Adobe User Management didn't specify that the account deleted is the directory user account, not the Adobe user account. See Delete Directory User.


Connector Builder (in Early Access)

Fixes in Connector Builder


Removed the unused Export option from the options menu for individual flows.


When a parent flow had an inactive helper flow, the parent flow was able to run the helper flow, instead of receiving an error.


Fixes in Workflows Designer


When viewing paginated flow history in the sidebar, if an initial request was successful, any subsequent pagination failures didn’t halt and display an error message.


Zoom connector updated

As of February 14, 2023, Zoom no longer accepts the access token, refresh token, or revoke token in the URL query parameters of an API request. The Zoom connector for Okta Workflows has been updated to version 1.0.60 to support these API changes. Replace any existing Zoom cards in your flows with the newer versions and re-authenticate your Zoom connection. See the Zoom release notes regarding this change.

Fixes in Connectors


The Delete Directory User card for Adobe User Management didn't specify that the account deleted is the directory user account, not the Adobe user account. See Delete Directory User.



Fixes in Workflows Designer


Flows could remain showing as "In progress" for the maximum 30 day period.


The icons for low latency flows weren’t properly aligned.


Okta connector update

For the Okta connector, the following webhook event cards are now available:

See Okta connector event cards.

Google Workspace Admin connector update

For the Google Workspace Admin connector, the following action cards are now available:

When you launch the Google Workspace Admin connector, the OAuth consent screen shows an "unverified app" warning because of the new apps.groups.settings scope. This warning disappears after Google approves the app and is only seen for new connections.

See Google Workspace Admin connector.

Fixes in Connectors


If a user wasn't added to your GitHub organization through the GitHub SCIM API, the GitHub Remove User from Organization action card returned a 404 User Not Found error message and the user wasn’t removed.



Features and enhancements

Low-latency flows

The Low-latency feature enables Okta Workflows to support time-sensitive flows as well as flows that power inline hooks. Flows that meet certain criteria can now run in a low-latency mode that provides significant improvements in the consistency of flow execution timing. See Low-latency flows.

Fixes in Workflows Designer


When using the keyboard shortcut to save a new flow, the Save flow dialog appeared each time the shortcut was pressed, rather than only once. Also, if the keyboard shortcut was pressed while the Save flow dialog was displayed, any changes to the name or description weren't saved.

The Save button on a new flow was stuck in a loading state if the user clicked the close icon of the Save flow dialog.


Flows could remain showing as "In progress" for the maximum 30 day period.

Connector Builder (in Early Access)

Fixes in Connector Builder


The type names available for the output of Selected Outputs fields didn’t reflect the new user-friendly values available in Connector Builder. See Add selectable outputs to an action card.


If there were unsaved changes in the options of a connection card, these changes weren't kept when switching between the Configuration Settings and the Inputs/Outputs preview card windows.


If a dynamic list of fields was used in the Dynamic Output Group UI, the Extensible toggle didn't appear. This prevented the extensible fields from appearing in the output area.


When using the gear icon to rename a project folder, the dialog didn't save the new name.


If a Dynamic Group was specified in a helper flow but no options were provided, the helper flow preview didn't show any updates even after editing the group name or clicking the refresh button.


Dynamic output fields failed to load if the selected helper flow called a helper flow which in turn called a third helper flow.


If a Dynamic Output Group used a custom display name, the Selected Output field remained in the return card even after the Dynamic Output Group was removed.


Okta Workflows release notes (2022)


Okta Workflows release notes (2021)


Okta Workflows release notes (2020)