Okta Workflows: Version history

Workflows
Features and enhancements
Low-latency flows
The Low-latency feature enables Okta Workflows to support time-sensitive flows as well as flows that power inline hooks. Flows that meet certain criteria can now run in a low-latency mode that provides significant improvements in the consistency of flow execution timing. See Low-latency flows.
Fixes in Workflows Designer
OKTA-277861
When using the keyboard shortcut to save a new flow, the Save flow dialog appeared each time the shortcut was pressed, rather than only once. Also, if the keyboard shortcut was pressed while the Save flow dialog was displayed, any changes to the name or description weren't saved.
The Save button on a new flow was stuck in a loading state if the user clicked the close icon of the Save flow dialog.
OKTA-549709
Flows could remain showing as "In progress" for the maximum 30 day period.
Connector Builder (in Early Access)
Fixes in Connector Builder
OKTA-509865
The type names available for the output of Selected Outputs fields didn’t reflect the new user-friendly values available in Connector Builder. See Add selectable outputs to an action card.
OKTA-548681
If there were unsaved changes in the options of a connection card, these changes weren't kept when switching between the Configuration Settings and the Inputs/Outputs preview card windows.
OKTA-552020
If a dynamic list of fields was used in the Dynamic Output Group UI, the Extensible toggle didn't appear. This prevented the extensible fields from appearing in the output area.
OKTA-552146
When using the gear icon to rename a project folder, the dialog didn't save the new name.
OKTA-557034
If a Dynamic Group was specified in a helper flow but no options were provided, the helper flow preview didn't show any updates even after editing the group name or clicking the refresh button.
OKTA-557035
Dynamic output fields failed to load if the selected helper flow called a helper flow which in turn called a third helper flow.
OKTA-557039
If a Dynamic Output Group used a custom display name, the Selected Output field remained in the return card even after the Dynamic Output Group was removed.

Connector Builder (in Early Access)
Fixes in Connector Builder
OKTA-481683
For connectors created in Connector Builder that use a helper flow as an input, the helper flow didn't log any executions when the card was tested using the Test this card button.
Connectors
Features and enhancements
New templates
The following templates are now available:
-
Generate unique username with user import inline hooks
-
Validate email domains during registration
Fixes in Connectors
OKTA-563852
Changes made to the Suspicious Activity Reported event card weren't reflected in the same event card used in the Suspicious Activity Reported template. See Suspicious Activity Reported template.

Connector Builder (in Early Access)
Fixes in Connector Builder
OKTA-509865
The type names available for the output of Selected Outputs fields didn't reflect the new user-friendly values in Connector Builder.
OKTA-549082
Deployed cards didn't show the Click or drop here to create input option. Also the input to output mapping and the group ordering for a deployed card didn't match the order shown on the preview card.
OKTA-552021
If a dynamic input group used a helper flow with an input named extensible, the dynamic group action failed to load.
Workflows
Fixes in Workflows Designer
OKTA-503928
For cards that accept multiple input fields, new entries weren't created with unique field names. This resulted in a Choose a unique name error and prevented the flow from being saved.
OKTA-547809
Adding several conditions in rapid succession on an If/Else If card sometimes resulted in a condition showing that couldn't be edited.
OKTA-554161
Flow cards that return an error as output didn't report the error unless the flow was accessed during the execution of the event.

Workflows
Fixes in Workflows Designer
OKTA-552535
Sometimes an execution was simultaneously presented as both complete and in progress in the Workflow history until it was manually refreshed.
OKTA-555302
Some Workflows Starter users couldn't view the terms of service dialog if they had the zoom level of their resolution set too high.
Connectors
Fixes in Connectors
OKTA-530438
The List Users Assigned to Application card in the Okta connector didn't successfully complete when large payloads were sent through the action.
OKTA-540947
The ServiceNow connector returned an unauthorized request error for some customer authorization credentials.

Workflows
Fixes in Workflows Designer
OKTA-552535
Sometimes an execution was simultaneously presented as both complete and in progress in the Workflow history until it was manually refreshed.
OKTA-555302
Some Workflows Starter users couldn't view the terms of service dialog if they had the zoom level of their resolution set too high.
Connectors
Fixes in Connectors
OKTA-530438
The List Users Assigned to Application card in the Okta connector didn't successfully complete when large payloads were sent through the action.
OKTA-540947
The ServiceNow connector returned an unauthorized request error for some customer authorization credentials.

Workflows
Added resources for Workflows console
The Resources section of the Workflows console home page has been updated to include links to Workflows How-To Guides and How-To Videos.
Improved folder deletion for flows
You can now remove folders in the Workflows console even when there are flows or tables present. To prevent inadvertent deletion of the folder and the flows and tables that it contains, the Workflows console warns you of the impact and requires a confirmation of the operation. See Folders, flows, and tables.
Fixes in Workflows Designer
OKTA-525875
When renaming a folder in the Workflows console, different naming behavior occurred if the user selected the flow and clicked the pencil icon next to the name, or if they clicked the gear icon in the flow.

Workflows
Fixes
OKTA-531559
Creating a folder failed with a server error if the folder name was longer than 255 characters.
OKTA-537031
Sometimes testing an unsaved flow that included a helper flow event with a defined input crashed the flow designer.
OKTA-543474
A flow on the Flow Page shows errors when there weren’t any in its flow history.
Connectors
New connectors
Google Docs
The Google Docs connector is now available in Workflows with the following action cards:
- Create Document
- Read Document
- Update Document
- Custom API Action
Miro User Management
The Miro User Management connector is now available in Workflows with the following cards:
- Create User
- Read User
- Update User
- Status Upgrade
- User License Type to Full
Miro Administration
The Miro Administration connector is now available in Workflows with the following cards:
- Create Team
- Search Teams
- Get Team Settings
- Add Member to Team
- Update Team Invitation Settings
- Update Team Member Role
- Update Team Discovery Settings
- Update Team Collaboration Settings
- Update Team Sharing Policy Settings
- Update Team Copy Access Settings
Connector updates
Recorded Future Identity Intelligence
For the Recorded Future Identity Intelligence connector, the following action cards are now available:
- Get Compromised Customer Identities
- Get Compromised Workforce Identities
- Lookup Compromised Identity Details
Freshservice
Freshservice updated their API to V2 on November 30, 2022. To maintain functionality for your Freshservice connector, you must replace existing cards with the updated cards.
The following action cards are updated:
-
Create Ticket
-
Read Ticket
-
Update Ticket
-
Search Tickets
-
Delete Ticket
-
Create User
-
Read User
-
Update User
-
Search Users
-
Deactivate User
The following event cards are updated:
-
Ticket Updated
-
New Ticket

Workflows
Features and enhancements
Searchable Flow History
Workflows users can see a list of past executions in the Flow History tab of the Workflows Console, but finding specific executions can be time consuming. To make finding a specific execution easier, Workflows is introducing a new quick search text box and expanding the date filtering capabilities. This allows admins to quickly identify specific executions by performing a full-text search over any data that has passed through the flow and/or constraining executions to a short timeframe. See Check Flow History.
User Notification UI improvements
We have updated the visual design of user notifications.
Dynamic group properties and fields
Workflows admins can now dynamically create a group name and fields. This gives them more control over the end user’s experience and how the group names are displayed. See Add dynamic fields and groups.
Connectors
New template
The following template is now available:
-
Reset User Sessions in Okta, Zoom, Google Workspace, and Office 365.
API connector
The Patch function card is added to the API Connector. See Patch.
GitHub
For the Remove User for Organization card, SAML configuration is now enforced. You must configure SAML property and be the owner of the organization to use this Action card. See Remove User from Organization
Jira
Parent and Parent Link fields in the following Jira cards will soon start returning a string value instead of an object:
-
Read Issue (Action)
-
List Issues (Action)
-
New Issue (Event)
-
Issue Updated (Event)
-
Issue Transitioned (Event)
-
Issue Deleted (Event)
-
Please update your flows accordingly.
Please identify your flows that will be impacted.

Workflows
Fixes
OKTA-479614
Some default logos appeared cropped in the deployed card frames.
OKTA-499136
Searches for a string in the template catalog showed partial results, but then clicking View All Results resulted in no matching templates.
OKTA-501819
The Templates page styles were inconsistent.
OKTA-508318
For Connector Builder connectors, when the authping flow failed, the error message window was empty.
OKTA-521830
After using the Click or drag to create functionality on a Delegated Flow card, new inputs weren't created in the Inputs section as expected.
OKTA-534030
An invalid flow in Flo Designer could be successfully saved.
OKTA-537628
In rare cases on slow networks, the Flow History Sidebar displayed an error when searches were made in quick succession.
OKTA-538252
The Start column of Searchable Flow History displayed the end time of flow completion.
OKTA-539798
When using slow networks the Flow History Sidebar sometimes showed incorrect executions based on the configured filters.
OKTA-540258
Non-empty folders could be deleted on a second attempt without a confirmation dialog.
OKTA-545666
Workflow users with incomplete custom domain configurations were not able to sign in to workflows.
Connectors
Google Workspace Admin
New fields are added to the Read User card for the Google Workspace Admin connector. See Read User.
Jira
In the next release, Okta will roll out a new version of the Jira connector. As a result, the following cards will start returning a string value instead of an object for the Parent and Parent Link fields:
- Read Issue (Action)
- List Issues (Action)
- New Issue (Event)
- Issue Updated (Event)
- Issue Transitioned (Event)
- Issue Deleted (Event)
Please identify your flows that will be impacted.

Workflows
Fixes
OKTA-538815
Different solution packs on the solution pack page had the same icon.
OKTA-535550
Searchable Flow History displayed two records for each failed execution in search results.

Workflows
Features and enhancements
Security Solution Pack
Security Solution Pack is now available on the Workflows Console homepage and in Templates search. The Solution Pack contains a carefully curated set of templates to help solve distinct automation challenges.
Edit Properties dialog redesign
The Edit Properties dialog is redesigned for better user experience.
Updated Terms of service for Workflows Starter
A one-time disclaimer about revised terms of service is displayed to orgs on the Workflows Starter Plan.
Folder deletion enhancement
Folder deletion now supports deleting folders with inactive flows and tables.
Fixes
OKTA-484456
Unexpected cards were created when an admin clicked a loading card multiple times.
OKTA-490363
The Choose Table pop-up had an incorrect title.
OKTA-534032
Some icons weren’t displayed properly in Solution Pack.
OKTA-536724
When the Searchable Flow History feature was enabled, Flow History didn’t filter results correctly if the end time was set to midnight.

Workflows
Features and enhancements
Indicator for manually triggered flows (Early Access)
A loading indicator is now displayed for manually triggered flows. The indicator helps admins know that their flows were successfully triggered.
Fixes
OKTA-475136
Flow Builder fields failed to render when the spelling or case didn’t match the field name.
OKTA-503448
Flows weren't properly validated when non-list object data types were used as list input.
OKTA-523362
Flow exports failed when folders were used as an input field.
OKTA-523374
In scheduled flows, the between ranges were calculated after admins clicked Save.
OKTA-507905
The Wait For function incorrectly allowed admins to set the wait time longer than 30 days.
Connectors
New template
The following template is now available: Tracking and Alerting for Possible Account Takeover Attempts in Okta. See Available Workflows templates.

Workflows
Fixes
OKTA-471074
The Find last card didn’t correctly calculate character lengths when the text contained special characters.
OKTA-509331
On the Difference card, the millisecond difference between two Date Now cards was calculated incorrectly.
OKTA-515104
Saving an authentication bottom sheet with the option Select Auth Type returned an error.
OKTA-518597
An invalid flow in Flo Designer could be successfully saved.
OKTA-530390
The Clear Empty card didn’t clear empty keys of type: date.
Connectors
New templates
The following templates are now available in Preview and Production environments:
- Manage Access to Github Repo Based on Secure Code Warrior Assessment Status
- Manage On-Call Rotations and Schedules with Opsgenie
- Remotely Lock All Kandji Devices Based on Security Events

Workflows
Fixes
OKTA-514841
In Connector Builder, the User Documentation URL and Support Email Address fields weren't checked for their validity.
OKTA-515512
Dynamic drop-down menus didn’t refresh the mappings when a helper flow was selected.
OKTA-529347
Internal table column names were displayed in the UI when admins used the Tables function.
OKTA-530839
The Read Computer Group card for the JAMF Pro Classic API Connector failed with a 404 error.
Connectors
Pendo
The Pendo connector is now available in Workflows with the following cards:
- Push Okta user list with metadata
See Pendo connector.
Okta
For the Okta connector, the following event cards are now available:
- User MFA Factor Suspended
- User MFA Factor Unsuspended
- Phone Verification SMS Sent
- Phone Verification Call Sent
- Import Group Created
- Import Group Deleted
- Authenticator Activated
- Authenticator Deactivated
- Policy Rule Activated
- Policy Rule Deleted
- OAuth2 App Consent Granted
See Okta connector.

Workflows
Features and enhancements
Office 365 Solution Packs
The IT Operations and Seamless Office 365 Integration Solution Packs are now discoverable on the Workflows Console homepage and in Templates search. Each Solution Pack contains a carefully curated set of templates to help solve distinct automation challenges.
Searchable Flow History (Early Access)
Workflows users can see a list of past executions in the Flow History tab of the Workflows Console, but finding specific executions can be time consuming. To make finding a specific execution easier, Workflows is introducing a new quick search text box and expanding the date filtering capabilities. This allows admins to quickly identify specific executions by performing a full-text search over any data that has passed through the flow and/or constraining executions to a short timeframe. See Check Flow History.
Fixes
OKTA-522559
Switching between contexts in the Card Creator panel sometimes caused the panel to close.
Connectors
Secure Code Warrior
For the Secure Code Warrior connector, the following action cards are now available:
- Create User
- Delete User

Connector Builder (in Early Access)
Detailed notifications for webhook failures
Connector Builder now provides prominent notifications when it fails to register or deregister a webhook in a third-party service. The notifications include a description of the issue and possible ways to resolve it.
Workflows
Fixes in Workflows Designer
OKTA-522554
UI elements in Flow Builder didn’t align properly.

Workflows
Fixes in Workflows Designer
OKTA-516576
Items in the event selection window were incorrectly aligned.
OKTA-518284
Sometimes, the templates catalog search bar didn't trigger a search.
OKTA-518285
Clearing all search filters in the template catalog didn't clear the text search.
Connectors
ServiceNow
For the ServiceNow connector, the following action cards are now available:
- Create Group
- Read Group
- Update Group
- Delete Group
- Search Groups
- Create Request
- Read Request
- Update Request
- Delete Request
- Search Requests
See ServiceNow connector.

Connector Builder (in Early Access)
Reorder fields in the Authentication dialog
In the Authentication dialog, the ability to reorder fields within the Parameters and Config Values sections is now available.
Fixes in Connector Builder
OKTA-519404
Test connections couldn’t be viewed or created in the Connections tab or on action cards.

Connector Builder (in Early Access)
Fixes in Connector Builder
OKTA-493658
If an executed flow didn't contain data, the Close and go back link in its Flow History dialog didn't lead to the expected interface.
OKTA-503645
Even when cleared by a user, an input field on an action card passed data (such as zero for a number-type field) to the connector’s third-party service.
OKTA-507787
The Preview Card dialog didn’t display card details properly if a connection was not already selected.
OKTA-512229
In the Options, Inputs, or Outputs dialogs, validation markers didn’t appear when group or field names were re-edited or invalid names were added.
Workflows
OKTA-512214
In the templates catalog, if a template contained only helper flows, preview screenshots didn’t appear properly in full view mode.
OKTA-512234
In the templates catalog, for templates that contain multiple flows, full view mode didn’t consistently display the selected preview image.
OKTA-512303
After full view mode was exited, the templates catalog displayed unexpected scrolling behavior.
OKTA-521959H
The XML Build card returned incorrect results in Preview environments.
Connectors
Okta connector
On the Custom API Action card for the Okta connector, the Relative URL field is now required, and a string value for a relative URL must contain a leading / character.
See Custom API Action.
Fixes in Connectors
OKTA-501930
On the Activate User action card for the Okta connector, when the Send Email? option was set to No, the type for the Url output field was changed to Number (instead of Text). This caused any flow that contains the card to fail if the Url output value was mapped to other fields. See Activate User.
OKTA-501951
On the Read User action card for the Okta connector, the Credentials - Emails output field was not populated with any data. See Read User.
OKTA-502931
For the SendGrid connector, the Send Email action card returned an error when the From field was populated with an email address of a verified sender. See Send Email.

Connector Builder (in Early Access)
Fixes in Connector Builder
OKTA-351973
In the Authentication dialog, when OAuth 2.0 was selected as the authentication type, a change to the selected option in the Client Ownership dropdown field was not displayed.
Workflows
Keys in object outputs
In object outputs, children keys are no longer mappable or draggable.
Connectors
AWS SSO connector renamed
To align with the rebranding of AWS SSO, the AWS SSO connector cards and documentation have been changed to AWS Multi-Account Access.

Connector Builder (in Early Access)
Dynamically generated dropdowns for input fields
In the Inputs dialog, the ability to add dynamically generated dropdown fields is now available. Dropdown field choices can be retrieved from a third-party service or updated from a manually generated list based on selections in one or more Options fields. See Dynamic dropdown, fields, and groups and Add dynamic input fields: HTTP example.

Connector Builder (in Early Access)
Dialog for trigger cards
The dialog to select a card type such as a Helper Flow, Action, Authping, or Revoke has been enhanced for better clarity and usability.
Reordering of fields
Fields in the Options, Inputs, or Outputs dialogs can now be reordered manually using drag and drop functionality.
Fixes in Connector Builder
OKTA-505216
A test deployment of a connector didn’t execute authping or revoke flows.
Workflows
Preview details in Workflows templates
The Preview section for a Workflows template has been enhanced for better usability.
Supported browsers
Workflows Designer browser support has been updated and some previously supported browsers are no longer supported. For a list of supported browsers, see Supported platforms, browsers, and operating systems.
Connectors
Adobe User Management
The Adobe User Management connector is now available with the following action cards:
- Add Users to Group
- Create Group
- Create Users
- Custom API Action
- Delete Directory User
- Delete Group
- List Group Members
- List Groups
- List Users
- Read User
- Remove User from Group
- Remove User Membership
- Update Group
- Update User
Fixes in Connectors
OKTA-498102
The Read Issue action card of the Jira connector returned values that weren’t mapped correctly.
OKTA-505057
The dynamically generated input and output fields of some Smartsheet connector cards weren't displayed.

Workflows
Features and Enhancements
Enhancements to the Add app action and Add function dialogs
The Add app action and Add function dialogs have been enhanced for better usability within nested elements.

Connector Builder (in Early Access)
Display data from helper flows
A display of data for dynamic dropdown and dynamic fields from helper flows is now available in the Options dialog.
Fixes in Connector Builder
OKTA-472594
On the Inputs and Outputs dialogs, strings in the Group Name field weren’t validated.
OKTA-477744
A connection for a test deployment instead of a local deployment was unexpectedly used by locally deployed cards in a project flow.
OKTA-479715
In Connector Builder, the display for the number of flows wasn’t refreshed when a flow in a project was deleted.
OKTA-507743
For connectors that are built with Connector Builder and use OAuth 2.0 authentication, access tokens expired unexpectedly.
Connectors
Kandji connector
The Kandji connector is now available with the following action cards:
-
Clear Passcode
-
Create Blueprint
-
Create Note
-
Erase Device
-
Get Activation Lock Bypass Codes
-
Get Blueprint
-
Get Device
-
Get File Vault Recovery Key
-
Get Mac Unlock PIN
-
List Blueprints
-
List Device Apps
-
List Device Library Items
-
List Device Notes
-
List Devices
-
Lock Device
-
Manage Apple Remote Desktop
-
Reinstall Kandji Agent
-
Restart Device
-
Send MDM Blank Push
-
Shutdown Device
-
Unlock Locked Mac Account
-
Update Device
-
Update Inventory
Recorded Future Identity Intelligence connector
The Recorded Future Identity Intelligence connector is now available with the Custom API Action card.
Fixes in Connectors
OKTA-489670
The Office 365 Mail authorization page was missing information about how to create a connection with a regular Office 365 account.

Connector Builder (in Early Access)
Resubmitted connectors
For connectors that are already available in production and have been rebuilt and deployed locally, a Resubmit connector button is now available.
On the developer tenant that submitted a third-party connector to the Okta Integration Network, the Deploy local connector button now changes to Resubmit connector after the connector is published.
Fixes in Connector Builder
OKTA-501083
Third-party connector test versions were sometimes available in production orgs.
Workflows
Fixes in Workflows Designer
OKTA-503757
For the Tables in the Search Rows function card, a null value was returned when no search results were found.
OKTA-504021
In the Workflows app catalog, names for connectors didn’t render properly.

Connector Builder (in Early Access)
Fixes in Connector Builder
OKTA-485614
The Authentication dialog didn't display a validation icon and tooltip for auto-generated Config Values.
OKTA-501072
Connectors developed by customers and deployed by Okta weren't displayed properly in Workflows Designer when the local test connector and deployed connector had the same version.
Connectors
Okta connector update
For the Okta connector, the Stream Matching Records option is no longer available on the Find Users action card. Flows that already include the Find Users card and is configured with the First Matching Record or First 200 Matching Records option will continue to run as expected. However, if the Find Users card is already configured to use the Stream Matching Records option, it will return a maximum of 200 user records in the helper flow. See Find Users.
Fixes in Connectors
OKTA-499453
Sometimes the Okta connector experienced a connection failure.
OKTA-500375
For the Okta connector, the Update Group card returned a 400 Bad Request error when the Description input field wasn't selected.

Run delegated flows from the Okta Admin Console
With delegated flows, admins can be assigned the ability to run Okta Workflows directly from the Admin Console. Flows that are delegated to an admin appear on the Delegated Flows page where they can be invoked without signing in to the Workflows Console. This gives super admins more granular control over their admin assignments. See Delegated flows and Build a delegated flow.
Connector Builder (in Early Access)
Fixes in Connector Builder
OKTA-498150
Sometimes when a connector was already available in production and a new version was submitted, a local deployment mistakenly occurred in both the connector builder’s local environment and other instances of Workflows.
OKTA-499889
Dynamic options fields didn't load the dropdown values on event or action cards.

Connector Builder (in Early Access)
Dynamic dropdowns fields
Dynamic dropdown fields now appear in the preview section of the Options dialog.
Workflows
Updates to the Workflows Templates catalog
An enhanced catalog for Workflows Templates is now available. The Templates home page now includes faster access to introductory templates, popular templates, and templates categorized by connector.
Fixes in Workflows Designer
OKTA-479605
For the Tables - Search Rows function card, the Row ID, Created, and Updated output fields were displayed even when they weren't selected as outputs in the Select fields and click “Save” dialog.
Connectors
Advanced Server Access
The Advanced Server Access connector is now available with the following action cards:
-
Add Group to Project
-
Add User to Group
-
Change Project Properties of Project Group
-
Create ASA Group
-
Create Preauthorization
-
Create Project
-
Create Server Enrollment Token for Project
-
Custom API Action
-
Delete Project
-
List Projects for Team
-
List Server Enrollment Tokens within a Project
-
Read Server Enrollment Token for Project
-
Remove an ASA User from an ASA Group
-
Remove Group from Team
-
Update Preauthorization
-
Update Project
Secure Code Warrior
An Instance Region parameter is now available in the Secure Code Warrior connector’s authentication dialog. The enhancement allows users to specify a value for a data location.
See Secure Code Warrior.
Smartsheet connector
For the Smartsheet connector, the following action cards are now available:
-
Add User to Group
-
Add User to Organization
-
List Group
-
Read Group
-
Read User
-
Remove User from Group
-
Remove User from Organization
-
Search Users
-
Update User
See Smartsheet connector.
Fixes in Connectors
OKTA-486100
For Google Workspace User cards, the Organization Path appeared incorrectly.
OKTA-491249
On the Get Users Groups action card for the Okta connector, some fields appeared incorrectly.
OKTA-496577
The Office 365 Mail Get Message card input and output fields are reformatted with no impact to performance.

Connector Builder (in Early Access)
Features and Enhancements
Additional context-sensitive help links
Contextual help documentation is now available for the following features:
-
Extensible inputs
-
Test flows
-
Dynamic fields
-
Outputs
-
Config values
Fixes in Connector Builder
OKTA-483348
For a connector whose authentication settings contained an access token, testing an authping or httphelper flow resulted in an error.
OKTA-492983
For some Workflows environments, the name of an org didn’t appear properly in the header pane.
Workflows
Fixes in Workflows Designer
OKTA-446171
The Add app action and Add function dialogs inside an Error Handling - If Error function card didn't render properly.
OKTA-481743
For the URL - Parse function card, a UTF-8 encoded input value with invalid characters didn’t produce an error message nor return any output values.
OKTA-488501
For a throttled flow, the delay icon didn’t render properly in the Flow History pane if it also displayed a long status message.
OKTA-492153
In list view on the Flows page, data in the History column was garbled.

Connector Builder (in Early Access)
Features and Enhancements
New deployment validation messages
In Connector Builder, deployment validation messages for the following scenarios are now available:
-
An action flow is removed.
-
Static or dynamic input fields are removed from an action card.
-
Static or dynamic output fields are removed from an action card.
Field preview for action cards
While adding options or fields to an action card in Connector Builder, users can now preview the fields of the card before it is deployed.
Connector Builder button
The Connector Builder button replaces the Connectors navigation item and now opens Connector Builder in a new tab.
Third-party contact fields in the connector's profile
The User Documentation URL field for a link to externally hosted documentation and the Support Email Address field for third-party contact information are now available in the connector’s Settings dialog.
Fixes
OKTA-467156
For dynamically generally input fields, fields of the type option didn’t render properly.
OKTA-477034
In the Test Connection dialog, the selection of a test connection wasn’t retained from previous tests for an action flow.
OKTA-489625
A message indicating that a connector passed validation for deployment didn’t appear properly.
Workflows
Features and Enhancements
Execution limits for flows
The Workflows platform now includes execution limits on flows. Flow throttling is a Workflows feature that automatically detects, limits, and notifies users when specific flows consume excessive resources during a defined window of time. Flow throttling doesn't impact or prevent the completion of a flow.
See Execution limits.
Connector Updates
Okta connector
For the Okta connector, the following event cards are now available:
- Device Activated
- Device Added to User
- Device Deactivated
- Device Deleted
- Device Enrolled
- Device Suspended
- Device Unsuspended
See Okta connector.
Connector Fixes
OKTA-448687
On the Send Email action card for the SendGrid connector, the Attachments field disappeared under the conditions in this sequential order:
-
The Attachments field contained an object.
-
The Choose fields dialog was opened and closed.

Connector Builder (in Early Access)
Fixes
OKTA-467169
For dynamically generated fields, available field types weren't displayed.
OKTA-481450
For an action flow that invoked an inactive helper flow, the link to the flow in the connector Validation dialog didn’t lead back to the flow editor.
Workflows
Fixes
OKTA-451891
When the table limit in a Workflows environment was met, the help link in the error message didn't display supporting documentation.
Connector Updates
Office 365 Mail
For Office 365 Mail connector, the Get Message action card now includes mail options for users to access a shared or delegated email account and updated input and output fields. See Get Message.
For the Office 365 Mail connector, the following action cards are now available:
-
Download Message Attachment
-
Search Emails
Google Workspace
For the Google Workspace connector, the Search Users action card now includes streaming. See Search Users.
Connector Fixes
OKTA-484917
For the Google Workspace connector, the Search Users action card stopped working when the input value for the Parent Organization Path field contained multiple words.

Connector Builder (in Early Access)
Fixes
OKTA-352387
In the Basic authentication dialog, if username or password was added as a value in the Key field, the parameter was added unexpectedly to the Credentials section and became uneditable.
OKTA-467587
The use of ? and & characters in field labels caused an unexpected validation error.
OKTA-480684
In the OAuth authentication dialog, the values in the Key field for Client ID and Client Secret were editable and deletable.
OKTA-481366
In any authentication dialog, if access_token or refresh_token was added to the Key field for a parameter, the parameter row disappeared.

Connector Builder (in Early Access)
Fixes
OKTA-391123
A connection for a deployed connector that was created in Connector Builder using OAuth authentication wasn't refreshed when its access token expired.
OKTA-472777
In the Config Values section of the Authentication dialog, an expected validation error didn’t occur when the Value from Helper Flow option was selected but a helper flow wasn’t specified.
OKTA-478212
In the Authentication dialog, the key for a config value wasn’t generated automatically if the Label field contained special characters only.
Workflows
Fixes
OKTA-460727
For the Tables function, an error was returned if the Search Rows card was included in a flow that ran every five minutes, or if the Table ID field contained an invalid value.
OKTA-463583
Using the Download in SVG format button to download a flow chart resulted in an error.
OKTA-467211
In the Workflows interface, the loading icon wasn’t visible.
Connector Fixes
OKTA-478578
For the GitHub connector, the Update File Content action card returned an error when the target file exceeded 1MB in size.

Connector Builder is now available in Early Access
Connector Builder is a no-code development tool for creating connectors on the Workflows platform.
The following features are now available to build a connector:
-
Add connector branding
-
Define authentication
-
Build action cards, including a Custom API Action card
-
Deploy a new connector locally for internal use
Connector Builder leverages Workflows drag-and-drop functionality to build action cards. Connectors that are built using Connector Builder can be deployed to local environments or submitted to the Okta Integration Network for review and deployment to the public catalog.
Fixes
OKTA-468248
For the New Email event card in the Office 365 Mail connector, the body of an email wasn't displayed in the Text Body field.
OKTA-475008
For the New Email event card in the Gmail connector, the body of an email wasn't displayed if it was in plain text format.
Connectors
Connector Updates
Jamf Pro Classic API
For the Jamf connector, the following action cards are now available:
-
Add Computer to Static Computer Group
-
Add Mobile Device to Static Mobile Device Group
-
Create Static Computer Group
-
Create Static Mobile Device Group
-
Delete Computer Group
-
Delete Mobile Device Group
-
Read Computer Group
-
Remove Computer from Static Computer Group
-
Remove Mobile Device from Static Mobile Device Group
Office 365 Admin
For the Office 365 Admin connector, the following action cards are now available:
-
Assign Manager
-
Create Contact
-
List Contact Folders
-
Read User Manager
-
Revoke User Sign In Sessions
-
Search Contacts

Fixes
OKTA-447414
For the Slack connector, a reauthorization caused the connection to break.
OKTA-459220
For the Okta connector, the Search Groups action card returned 200 records only.
OKTA-465408, OKTA-465214, OKTA-465396
On the Delete Object action card for the AWS S3 connector, no error message was returned if the input value for the Key field was null or invalid, or if a specified key didn't exist.
OKTA-465464, OKTA-465497, OKTA-466084, OKTA-466092, OKTA-466112
On the Read Object action card for the AWS S3 connector, no error message was returned if an invalid input was entered in the following fields:
-
Region (Options field)
-
If Modified Since
-
If None Match
-
If Match
-
SSE Customer Key
-
SSE Customer Key MD5
OKTA-469920
For the Shopify connector, the Domain field in the New Connection authentication dialog didn't accept dash (-) values.
Connectors
Connector Updates
Atlassian Admin
For the Atlassian Admin connector, a Jira Account ID output field is now available on the following cards:
-
Create User
-
Get User
-
Search Users
AWS S3
For the AWS S3 connector, the following action cards are now available:
-
Copy Object
-
Custom API Action
-
Search Buckets
-
Search Objects
-
Tag Object
See AWS S3 connector.
Okta
For the Okta connector, the following event and action cards are now available:
-
Search System Logs (action)
-
User Account Locked
-
User Account Unlocked
See Okta connector.

Fixes
OKTA-462297
For the Send Email and Send Email with Attachment action cards of the Gmail connector, an error was returned when < >
angle brackets were used in the From field.

Fixes
OKTA-473150
The importing of flows that contained If Error or If/Else function cards failed.

Special Announcement
From February 22, 2022 onward, all eligible Zendesk HTTP targets will be converted to webhooks. As a result, a new version of the Zendesk connector is now available in Preview and Production environments. The following event cards are impacted by the connector upgrade:
-
New Comment on Ticket
-
New Ticket
-
Updated Ticket
If a flow is stopped and subsequently started again, a new Zendesk webhook will be created.
See Zendesk connector.
Fixes
OKTA-457102
For an API Endpoint-based flow, if neither the Expose as Webook nor the Expose as Public Service options were selected, an error message indicated that the flow couldn’t be activated.
OKTA-462297
For the Gmail connector, the sender’s display name didn’t appear properly in the From field on the Send Email and Send Email with Attachment action cards.

Features and Enhancements
Back up for flows and folders
Storage for flows and folders is now available in GitHub and Google Drive in production environments. Several Workflows artifacts are available to facilitate this feature:
-
The Export Flow and Export Folder function cards.
-
The Create Pull Request action card for the GitHub connector.
-
The Versioning for Flows and Folders with GitHub template.
See Back up for flows and folders and Set up a template for flow back up.
New System Log messages for Workflows
For Workflows, 17 new Okta System Log messages are now available in production environments. The new messages pertain to basic Create, Read, Update, and Delete (CRUD) operations for flows, tables, and connections.
See Event Types.
Fixes
OKTA-447435
For the GitHub connector, on the Add User to Team and Remove User from Team action cards, the Team dropdown field listed the names of only 30 teams.
OKTA-467192
When a flowpack was imported, the display for the number of flows and tables in a folder wasn't refreshed.

Features and Enhancements
New Templates
The following templates are now available in Preview and Production environments:
-
Audit Okta admin roles and last login to Admin Console
-
Capture document signatures in Adobe Sign
-
Password sync for ChromeOS devices
-
Quarantine an Okta user by sending a webhook to Workflows
-
Trigger automatic notifications when all MFA factors are reset
Fixes
OKTA-328285
For the Jira Service Desk Connector, the New Request in Queue event card returned an error if a new (non-request type) issue was created.
For the Jira Service Desk connector, the New Request in Queue event card acted on any Request Type or Queue option regardless of the options selected in those dropdown fields.
OKTA-440868
For the Jira connector, the Create Issue action card falsely displayed the Parent input field as required.
OKTA-441238
For the Jira connector, preformatted text
was not read properly when passed to the Create Issue action card.
OKTA-459525
For the Dropbox for Business connector, connections timed out unexpectedly.
Connectors
New Connectors
AWS S3
The AWS S3 connector is now available with the following action cards:
-
Create Bucket
-
Delete Bucket
-
Delete Object
-
Download Object
-
Read Object
-
Read Object Tags
See AWS S3 connector.
Secure Code Warrior
The Secure Code Warrior connector is now available with the following action cards:
-
Check Assessment Completion for User
-
Check Course Completion for User
-
Custom API Action
-
Get Assessment Attempts for User
-
List Course Enrollments for User
See Secure Code Warrior.
Connector Updates
Gmail
For the Gmail connector, several enhancements are now available in action cards:
-
The Google Cloud Platform Project and Service Account dropdown fields now list a maximum of 100 options.
-
The
Enter Service Account Email
option is now available on the Google Cloud Platform Project and Service Account dropdown fields. -
If options on the Google Cloud Platform Project or the Service Account dropdown fields fail to load, the
Enter Service Account Email
option will appear as the only available option. -
When
Enter Service Account Email
is selected from the Service Account dropdown field, an additional Email input field in the Service Account section of the card appears.
These enhancements are available on the following cards:
-
Add Delegate
-
Add Send-As Alias
-
Delete Delegate
-
Delete Send-As Alias
-
Forward Emails
-
List Delegates
-
Set Auto Reply
-
Update User Gmail Settings
See Gmail connector.
Slack
For the Slack connector, several enhancements are now available in event and action cards:
-
A maximum of 200 public and 200 private channels (as applicable on some cards) now appear in the Channel dropdown field.
-
For action cards, when a failure occurs and no channels are listed in the Channel dropdown field, an
Enter Channel ID
option appears.
These enhancements are available on the following cards:
-
Archive Channel
-
Get Users in Channel
-
Invite User to Channel
-
Join Channel
-
Leave Channel
-
New Message in Channel (event)
-
New Message in Private Channel (event)
-
New Pinned Message (event)
-
Read Message History
-
Remove User from Channel
-
Rename Channel
-
Send Ephemeral Message
-
Send File to Channel
-
Send Message to Channel
See Slack connector.
Zendesk
For the Zendeskconnector, retries for error handling are no longer available on the following event cards:
-
New Comment on Ticket
-
New Ticket
-
Updated Organization
-
Updated Ticket
See Zendesk connector.

Features and Enhancements
New System Log messages for Workflows
For Workflows, 17 new Okta System Log messages are now available in production environments. The new messages pertain to basic Create, Read, Update, and Delete (CRUD) operations for flows, tables, and connections.
This is an Early Access feature. To enable it, please contact Okta Support.
See Event Types.
Fixes
OKTA-432988
Some contextual help documentation didn’t appear in the expanded Workflows help pane in Preview environments.
OKTA-440868
For the Jira connector, the Create Issue action card falsely displayed the Parent input field as required.
OKTA-441238
For the Jira connector, preformatted text
was not read properly when passed to the Create Issue action card.
OKTA-446175
If a browser’s navigation buttons were used while the API Endpoint Settings dialog was open, Workflows Designer encountered an error.
Connectors
New Connectors
Microsoft Teams
For the Microsoft Teams connector, the following action cards are now available:
- Create Chat
-
Search Channels
-
Search Chats
-
Send Message to Channel
-
Send Message in Chat
For the Create Channel card, the Members field has been replaced with the User IDs field.
The following scopes are now available:
-
Channel.Create
-
ChannelSettings.ReadWrite.All
-
ChannelMessage.Send
-
Chat.ReadWrite
Office 365 Calendar
The Office 365 Calendar connector is now available with the following action cards:
- Create Event
-
Custom API Action
-
Delete Event
-
List Calendars
-
Read Event
-
Search Events
-
Search Rooms
-
Update Event
Office 365 Mail
For the Office 365 Mail connector, the Custom API Action card and the following scopes are now available:
-
Mail.ReadWrite
-
Mail.Send
-
Mail.Send.Shared
-
Mail.ReadWrite.Shared
-
offline_access
OneDrive
The OneDrive connector is now available with the following event and action cards:
-
Create Folder
-
Create Organization Sharing Link
-
Create Recipients Sharing Link
-
Custom API Action
-
Delete Permission
-
Download File
-
File or Folder Updated (event)
-
List Permissions
-
Move File or Folder
-
Read File or Folder
-
Search Files or Folders
-
Upload File
See OneDrive connector.
Secure Code Warrior
The Secure Code Warrior connector is now available with the following action cards:
-
Check Assessment Completion for User
-
Check Course Completion for User
-
Custom API Action
-
Get Assessment Attempts for User
-
List Course Enrollments for User
See Secure Code Warrior.
Connector Updates
HubSpot CRM
For the HubSpot CRM connector, the contacts scope has been deprecated. The following scopes are now available:
crm.objects.contacts.write
crm.objects.contacts.read
crm.objects.companies.write
crm.objects.companies.write
To ensure that these granular scopes are granted to your HubSpot CRM application, reauthenticate your HubSpot CRM connections by February 28, 2022.
See Authorization

Fixes
OKTA-344710
When an input or output field with a long name was dragged to a Text Compose function card, the field name wasn't displayed properly.
OKTA-447206
When an Object Get Multiple function card was moved out of an If Error function card, an error was returned.

Features and Enhancements
New System Log messages for Workflows
For Workflows, 17 new Okta System Log messages are now available in preview environments. The new messages pertain to basic Create, Read, Update, and Delete (CRUD) operations for flows, tables, and connections.
See Event Types.
Fixes
OKTA-432569
File names that contained Japanese characters were garbled.
OKTA-442251
When OAuth
was selected as the Auth Type for any API Connector card, an error was returned if the Client ID field contained an equal =
character.
OKTA-443886
On Note cards in flows, placeholder text didn’t render properly.
Connectors
Connector Updates
Box
For the Box connector, the following event cards are now available:
-
Collaboration Created
-
File Moved
-
File Uploaded
-
Folder Created
-
Shared Link Created
-
Shared Link Updated
See Box connector.

This release does not have release notes.

This release does not have release notes.

Features and Enhancements
New Templates
The following templates are now available in Preview and Production environments:
-
Automatically sync Shopify customer identity
-
Capture device security events from VMware Workspace ONE
-
Capture document signatures in DocuSign
-
Hardening customer verification with email factor challenge
-
Password change notification using SendGrid
-
Send email with attachment
-
Suspicious activity event alerts PagerDuty
Fixes
OKTA-449525
For the Slack connector, the Slash Command event card returned an encryption error even when the Signing Key field didn’t contain a value and No
was selected from the Use Signing Key? dropdown.

Fixes
OKTA-418616
When an empty folder was exported using the Export Folder function card, an error was returned.

Fixes
OKTA-418616
For the Jira connector, the Transition Issue action card failed to update the status of an issue.
OKTA-419174, OKTA-432632
For the Google Drive connector, the outputs from the Capabilities and Owners fields contained unexpected characters or were missing data on the following action cards:
-
Read File Info
-
Read Folder Info
OKTA-434746
For the Freshservice connector, the New Ticket event card didn’t poll consistently for new Freshservice tickets.
OKTA-440675
For the Salesforce connector, the following action cards timed out and returned an error message when a record type such as Account or Contact was chosen from the Record Type dropdown:
-
Create User
-
Read User
-
Update Record
-
Update User
OKTA-445323
No warning message appeared when a flow limit was reached by activating a helper flow.
OKTA-445338
When the Usage page was refreshed, the error message Not Found
appeared briefly.
OKTA-445848
When a flow or table was deleted, duplicated, or moved to another folder, the display for the number of flows and tables in a folder wasn't refreshed.
Connectors
Connector Updates
Google Drive
For the Google Drive connector, the File Content ID field was renamed as File Content on the following action cards:
-
Download File
-
Update File
-
Upload File

Fixes
OKTA-367151
Instead of producing .folder
and .flow
files as output, the Export Folder and Export Flow function cards produced .json
files.
OKTA-442961
The Workflows header icon unexpectedly returned a user to an older version of the Home page.
Connectors
Connector Updates
Asana
For the Asana connector, the Add Task action card is now available. See Add Task.

Features and Enhancements
Enhancements to the Workflows interface
Enhancements to Workflows navigation and the display for empty folders are now available. The updates also provide access to videos and templates directly from the Workflows designer canvas.
Child flow is now named "helper flow"
A child flow is now referred to as a helper flow on event and action cards and throughout the Workflows interface. Helper flow functionality remains unchanged. In folder view, a helper flow is now also distinguished from an API Endpoint, Schedule, or App Event flow. See Helper flows.
New flow limits for Workflows
For Workflows, new consumption plans will become available during November 2021 onwards for all customers.
An admin is allowed to run a maximum number of concurrent active flows according to these tiers:
-
Workflows starter plan: A free plan with five active flows to get started with Workflows.
-
Light Workflows with 50 active flows: A cost-based plan for the automation of on-boarding and off-boarding or to connect backend systems.
-
Medium Workflows with 150 active flows: A cost-based plan to automate processes for multiple employee, contractor, and customer systems.
-
Unlimited active flows: A cost-based plan to automate processes across an entire enterprise.
See Flow limits.
New Templates
The following templates are now available in Preview and Production environments:
-
Form Submission to Workflows API Endpoint
-
Identify inactive Okta users
-
Report suspicious activity
-
Send a welcome email to new user of an application
-
Temporarily exempt users from MFA
Fixes
OKTA-419701
For the Asana connector, a connection failed after a short period of time when a Service Account token was used for authentication.
OKTA-432122
For the Microsoft Teams connector, the number of records returned by the Search Teams action card wasn't limited by any value in the Record Limit input field.
OKTA-435196
For the Google Sheets connector, the Read All Spreadsheets action card returned information for 100 spreadsheets only.
OKTA-435699H
On the Create User action card for the Okta connector, when with Authentication Provider
was selected from the Option dropdown, the Provide Type and Provider Name input fields didn’t appear.
OKTA-435864
For the Salesforce connector, an unexpected error message HTTP Method 'POST' not allowed
was returned by the Create Multiple Records action card when a list was provided that didn't contain a type
key in the first object.
OKTA-435864
For the Salesforce connector, the Record Objects input field didn't appear as a required field on the Create Multiple Records action card.
OKTA-436064, OKTA-436067
For the Salesforce connector, an unexpected S3ClientError
was returned along with a 500 error code when a zero-byte-size file was uploaded using these action cards:
-
Upload Attachment
-
Upload Document
OKTA-436066
For the Salesforce connector, the Remove User Entitlements action card didn't validate against blank values in a license list that was used as input for the Feature Licenses field.
OKTA-436992
For the Salesforce connector, the Upload Attachment action card returned an error if the input value for the Record ID field referenced a record that wasn't created by the account used to authenticate the connector.
Connectors
Connector Updates
Gmail
For the Gmail connector, the following action cards are now available:
-
Add Send-As Alias
-
Delete Delegate
-
Delete Send-As Alias
-
List Delegates
See Gmail connector.
Google Workspace Admin
For the Google Workspace Admin connector, the following action cards are now available:
-
Sign Out User
-
Turn Off MFA
Jamf Pro Classic API
For the Jamf Pro Classic API connector, a connection now requires access to the /JSSResource/distributionpoints
endpoint.
See Authorization.
Microsoft Teams
For the Microsoft Teams connector, the following action cards are now available:
-
Add Member to Channel
-
Create Channel
-
List Channel Members
-
Read Channel
-
Remove Member from Channel
Okta (Hotfix)
For the Okta connector, the following event and action cards are now available:
-
Access Certification Decision Submitted (event)
-
Assign Group to Application
-
List Applications Assigned to Group
-
List Applications Assigned to User
-
List Groups Assigned to Application
-
Read Application
-
Read Assigned Group for Application
-
Remove Group from Application
-
Reset Password
-
Search Applications
For the Okta connector, enhanced search and data streaming options are now available on the following action cards:
-
Find Users
-
Get Users Groups
-
List Group Members
-
List Users Assigned to Application
-
List Users with Filter
-
List Users with Search
-
Search Groups
-
Search Group Rules
See Okta connector.
Salesforce
For the Salesforce connector, the following action cards are now available:
-
Download Attachment
-
Download Document
-
Download Document using Content Document Id
See Salesforce connector.

Fixes
OKTA-310318
For the Salesforce connector, the Upload Document action card returned an unexpected 500 error if a file with an invalid type was mapped to the File Content field.
OKTA-393662
For the Salesforce connector, the Upload Attachment action card failed to accept any file formats except .txt
.
OKTA-397127
On some Workflows cards, such as the Child Flow event card or the Get First Item function card, the error message Choose a unique name
was returned if the type for an output field was changed to Folder.
OKTA-404508
For the Okta connector, if an incorrect client ID or client secret was used when creating a connection, the attempt failed but no error message was returned.
OKTA-419485
For the Salesforce connector, the New Record event card and the Search Records action card timed out when attempting to load a large number of fields for some record types such as Case.
OKTA-427758
For the Salesforce connector, if Account
is selected from the Record Type dropdown on the Read Record action card, then the card timed out and returned a Failed to load
error message.
OKTA-430025
For function cards that require the selection of a child flow, such as the Call Flow or Unique Custom cards, scheduled flows were mistakenly also available for selection in the Select flow dialog.
OKTA-432595
For the Salesforce connector, if Account
was selected from the Record Type dropdown on some action and event cards, then one or more fields loaded as text instead of boolean. This error occurred on the following cards:
-
Build Record Object (action)
-
Create Record (action)
-
New Record (event)
-
Read Record (action)
-
Record Updated (event)
-
Search Records (action)
-
Update Record (action)
Connectors
Connector Updates
Jamf Pro Classic API
For the Jamf Pro Classic API connector, a connection now requires access to the /JSSResource/distributionpoints
endpoint. See Authorization.
See Box connector.

Fixes
OKTA-310318
For the Salesforce connector, the Upload Document action card returned an unexpected 500 error if a file with an invalid type was mapped to the File Content field.
OKTA-379225
For the Okta connector, the Read Group action card didn’t return a group’s custom properties.
OKTA-381961
In Folder view, the number of flows and tables temporarily appeared as 0
if the browser window was refreshed or when switching from one folder to another using the Workflows folder pane.
OKTA-393662
For the Salesforce connector, the Upload Attachment action card failed to accept any file formats except .txt
.
OKTA-410772, OKTA-432132
For the SendGrid connector, the Create Contact and Update Contact action cards failed and returned an Invalid input
error message if the account used for the connection didn't contain custom fields.
OKTA-419485
For the Salesforce connector, the New Record event card and the Search Records action card timed out when attempting to load a large number of fields for some record types such as Case.
OKTA-427682
For the Smartsheet connector, active flows that contained the New Row - Webhook or Row Updated - Webhook event cards didn’t return any data.
OKTA-427758
For the Salesforce connector, if Account
is selected from the Record Type dropdown on the Read Record action card, then the card timed out and returned a Failed to load
error message.
OKTA-430301
If an inactive flow was tested in a Workflows org whose active flow limit had already been reached, a 400 error was returned and overlapping dialogs appeared unexpectedly.
OKTA-432595
For the Salesforce connector, if Account
was selected from the Record Type dropdown on some action and event cards, then one or more fields loaded as text instead of boolean. This error occurred on the following cards:
-
Build Record Object (action)
-
Create Record (action)
-
New Record (event)
-
Read Record (action)
-
Record Updated (event)
-
Search Records (action)
-
Update Record (action)
OKTA-437000
In the New Connection dialog for the OpsGenie connector, if EU
was selected from the Instance dropdown, then the connection failed.
Connectors
Connector Updates
Dropbox for Business
For the Dropbox for Business connector, an active access token is now revoked if a connection to Box is deleted in Workflows.
Okta
On all event cards for the Okta connector, the Full Details output field is no longer available in Production.
For the Okta connector, the following action cards are now available in Production:
- Activate Group Rule
-
Create Group
-
Create Group Rule
-
Deactivate Group Rule
-
Delete Group
-
Delete Group Rule
-
Read Group Rule
-
Update Group
-
Update Group Rule
See Okta connector.

Features and Enhancements
Export Flow and Export Folder function cards
The Export Flow and Export Folder function cards now provide more detailed information on exported assets. In addition to the flow or folder object, both cards now provide Filename and Size as additional output fields.
See Export Flow and Export Folder.
Fixes
OKTA-421865
The access token for an API Connector card’s connection wasn’t refreshed if the following conditions were met:
-
OAuth was selected as the authentication type for the API Connector card
-
Flow containing the card ran at least once
-
Connection for the card was reauthorized
A 401 Unauthorized
error was also returned.
OKTA-437000
In the New Connection dialog for the OpsGenie connector, if EU
was selected from the Instance dropdown, then the connection failed.

Fixes
OKTA-426157
For the Okta connector, when the Group Profiles for University Directory feature was disabled in an Okta org, the Create Group action card didn’t load any input or output fields and returned the error "Failed to load".
OKTA-427657
For the Google Calendar connector, a delayed 500 error
with the message "System Module - Invalid authorization header for auth refresh" was returned if one of the following action cards was included in an active flow:
-
Create Transfer Request
-
Read Transfer Request
OKTA-428099
In Workflows, the Flow History page refreshed unexpectedly whenever a record for a completed execution was clicked in the Flow History tab.
Connectors
New Connectors
Jamf
The Jamf connector is now available with the following action cards:
-
Add User to Static User Group
-
Create Department
-
Create Static User Group
-
Create User
-
Custom API Action
-
Delete User
-
Delete User Group
-
Read Computer
-
Read Department
-
Read Mobile Device
-
Read Mobile Device Group
-
Read User
-
Read User Group
-
Remove User from Static User Group
-
Send Computer MDM Command
-
Send Mobile Device MDM Command
-
Update User
Microsoft Teams
The Microsoft Teams connector is now available with the following action cards:
-
Add Member
-
Create Team from Group
-
Custom API Action
-
List Members
-
Read Team
-
Remove Member
-
Search Teams
The Search Teams action card supports streaming.
Connector Updates
Box
For the Box connector, an active access token is now revoked if a connection to Box is deleted in Workflows.
See Authorization.
For the Box connector, the Address and Phone Number output fields have been added to the following action cards:
-
Get User
-
Search Users
See Box connector.
PagerDuty
For the PagerDuty connector, the following action cards are now available in Preview:
-
Add User to Team
-
Build Restriction Object
-
Build Schedule Layer
-
Build User Object
-
List Team Members
-
Read Schedule
-
Read Users on Call
-
Remove User from Team
-
Search Schedules
-
Search Teams
-
Update Schedule
The Search Schedules and Search Teams action cards support streaming.
See PagerDuty connector.

Fixes
OKTA-427595
In Workflows, the Help pane failed to produce results when any string was entered in the Search field.

Features and Enhancements
New and Updated Templates
The following templates are now available with an updated version of the Send Message to Channel action card for the Slack connector:
-
Introduction to lists and child Flows
-
Notify a user when their profile is updated
The Modernize your access request management with Okta and Slack template is now available in Preview and Production environments.
This template leverages Slack as the collaboration tool and interface to deliver a modern end-user experience during the request lifecycle. It includes a custom Slack application that allows your Slack workspace to interact with your Okta Identity Cloud tenant. To properly run and track requests, the solution uses child flows, internal tables, the Okta connector, and the Slack connector.
The Execute on-premises PowerShell with Okta Workflows template is now available in Preview and Production environments.
This template gives IT administrators the ability to incorporate PowerShell execution into the user’s lifecycle from the Okta Identity Cloud.
Fixes
OKTA-379225 (for Preview only)
For the Okta connector, the Read Group action card didn’t return a group’s custom properties.
OKTA-413874
On the Create Folder action card for the Google Drive connector, if Yes
was selected for the Shared Drive? option, a folder was created only in My Drive.
OKTA-422216
For the Office 365 Admin connector, the Read Directory Roles action card returned activated roles only.
OKTA-426018
For the Office 365 Admin connector, the Search Group Members action card returned only a maximum of 200 records when Stream Matching Records
was selected for the Result Set option.
OKTA-426018
For the Office 365 Admin connector, the Search Group Members action card returned an error if any input string contain a #
hash character.
Connectors
Connector Updates
Office 365 Admin
For the Office 365 Admin connector, the following action cards are now available in Preview and Production:
-
Assign Role to User
-
Read Directory Roles
-
Read User Roles
-
Search Group Members
-
Unassign Role from User
See Office 365 Admin connector.
For the Office 365 Admin connector, the following input fields are no longer available in Preview and Production:
-
The Created Date Time field in the Search Users action card. See Search Users.
-
The Renewed Date Time field in the Search Groups card. See Search Groups.
Okta
On all event cards for the Okta connector, the Full Details output field is no longer available in Preview.
For the Okta connector, the following action cards are now available in Preview:
- Activate Group Rule
-
Create Group
-
Create Group Rule
-
Deactivate Group Rule
-
Delete Group
-
Delete Group Rule
-
Read Group Rule
-
Update Group
-
Update Group Rule
See Okta connector.

Fixes
OKTA-381800
For the Okta connector, when a forward slash character was entered in the search field, a 400 Bad Request error displayed.
OKTA-403457
For scheduled Flows, the time remaining counter performed a reset during a page refresh, causing it to display inaccurate information.
OKTA-420972
For longer Flows, the Flow Chart exceeded the boundary of the Workflows page.
OKTA-424756
An incorrect dialog box was displayed when a Flow Count Limit was encountered.
OKTA-424758
The Connector Access error message wasn't properly displayed.
OKTA-425998
Workflows couldn't process more than 1,000,000 entries in a query.

Features and Enhancements
New System Log messages for Workflows
For Workflows, 17 new Okta System Log messages are now available. The new messages pertain to basic Create, Read, Update, and Delete (CRUD) operations for flows, tables, and connections.
This is an Early Access feature. To enable it, please contact Okta Support.
See Event Types.
Fixes
OKTA-419772
When the API Endpoint card was used as a webhook, backward slash characters \
were dropped and forward slash characters /
weren't escaped from raw JSON output payloads.
OKTA-422061
For the Zendesk connector, if a -
dash character was included in the input value for the Subdomain field on the connector’s authorization dialog box, then the attempt to create a connection or reauthorize a connection failed.
Connectors
New Connectors
Opsgenie
The Opsgenie connector is now available with the following action cards:
-
Add Team Member
-
Build Participant Object
-
Build Time Restriction Object
-
Create Schedule
-
Create Schedule Rotation
-
Create Team
-
Create User
-
Custom API Action
-
Delete Schedule
-
Delete Schedule Rotation
-
Delete Team
-
Delete User
-
List Teams
-
Read On-Call Participants
-
Read Schedule
-
Read Schedule Rotation
-
Read Team
-
Read User
-
Remove Team Member
-
Search Users
-
Update Schedule Rotation
-
Update User
The Search Users action card supports streaming.
See Opsgenie connector.
Connector Updates
Google Calendar
For the Google Calendar connector, the Custom API Action card is now available.
See Custom API Action.
Google Cloud Functions
For the Google Cloud Functions connector, the Custom API Action card is now available.
See Custom API Action.
Google Drive
For the Google Drive connector, the Custom API Action card is now available.
See Custom API Action.
Google Sheets
For the Google Sheets connector, the Custom API Action card is now available.
See Custom API Action.
Google Workspace Admin
For the Google Workspace Admin connector, the Custom API Action card is now available.
See Custom API Action.
Office 365 Admin
For the Office 365 Admin connector, the following action cards are now available in Preview:
-
Assign Role to User
-
Read Directory Roles
-
Read User Roles
-
Search Group Members
-
Unassign Role from User
See Office 365 Admin connector.
For the Office 365 Admin connector, the following input fields are no longer available in Preview:
-
The Created Date Time field in the Search Users action card. See Search Users.
-
The Renewed Date Time field in the Search Groups card. See Search Groups.

Fixes
OKTA-331977
The AES encryption function card returned an Invalid Input
error message regardless of the selected algorithm or the key and data input values.
OKTA-393951
For the Gmail connector, an unexpected error message was returned when prohibited domains, such as gmail.com
, were used to create a connection.
OKTA-412509
For the Gmail connector, diacritical marks (such as accent marks, circumflex accents, or tildes) weren't processed correctly if they were used in the Subject input field of an action card.
OKTA-419268
In Workflows, some folders and their flow contents were inaccessible or couldn’t be shared.
Connectors
Connector Updates
Gmail
For the Gmail connector, the Custom API Action card is now available.
See Custom API Action.
Zendesk
For the Zendesk connector, the following action cards are now available:
-
Read Organization
-
Search Organizations
-
Update Organization
See Zendesk connector.

Connectors
Connector Updates
Okta
For the Okta connector, streaming is now available in Preview and Production for the following action cards:
-
Find Users
-
List Users with Filter
-
List Users with Search
Instead of producing a list of search results, streaming allows Workflows admins to circumvent limits on the number of records that be produced in a search and pass those results to a child flow.
See Okta connector.
Fixes
OKTA-402844
In Workflows, the display for the number of tables in a folder wasn’t updated after one or more tables were deleted.
OKTA-415715
When Workflows users imported a missing flow into a folder, the Choose Flow button in the Import dialog was obscured if the referenced flow contained a very long name.

Fixes
OKTA-405759
For the True/False XNOR function card, both input fields were labeled identically.
OKTA-410637
For the Excel Online connector, the Row Added or Updated event card didn’t process the data in a cell correctly if it contained a comma.
OKTA-417992
On the Update User action card for the Okta connector, the Password field value was reset unexpectedly if the card or a flow that included the card was tested after the following conditions were met:
-
Update Semantics drop-down field in the Options section was set to
Partial
. -
Pass Empty Values? drop-down field was set to
Yes
. -
One or more additional input fields were selected.
Connectors
Connector Updates
Evident ID
For the Evident ID connector, both demo (sandbox) and production accounts are now supported. See Authorization.

Features and Enhancements
Table function cards
The Clear Table function card is now available. By selecting a table from the Choose Table dialog box or specifying a table ID at runtime, you can delete all the rows of a table. See Clear Table.
On the Read Table function card, you can now specify the table from the Choose Table dialog box or specify a table ID at runtime. See Read Table.
Fixes
OKTA-407318
When a connection was tested repeatedly on an event or action card, several test dialog boxes appeared.
Connectors
Connector Updates
Slack
For the Slack connector, the following event and action cards are now available:
-
Get Users in Channel
-
New Channel Created (event)
-
Remove User from Channel
-
Rename Channel
-
Send Ephemeral Message
-
Send File to Channel
-
Send File to User
The following action cards now support block type messages through the Message Type drop-down option:
-
Send Direct Message
-
Send Message to Channel
The following action cards now return a maximum of 100 public channels and 100 private channels:
-
Archive Channel
-
Join Channel
-
Leave Channel
-
Read Message History
The Slash Command action card now supports signing Slack API requests through the Use Signing Key drop-down option.
The Invite User to Channel action card now supports inviting users by username or by user ID through the Field Type drop-down option.
The Search Channel action card now includes the Is Private? and Purpose output fields.

To use the new Slack action cards, you must re-authenticate your existing connection or create a new connection to Slack, as the cards require the new scope files:write
.
See Slack connector.

Features and Enhancements
Templates
The Capture phishing events from GoPhish template is now available in Preview and Production environments.
This template listens to phishing events captured by GoPhish when a user opens a email phishing link or submits information or credentials to a phishing page. This information can be used by Okta to change login procedures and reset user credentials upon security events.
The Suspicious Activity Reported template is now available in Preview and Production environments.
This template provides an end user with the option to report unrecognized activity from an account activity email notification. When end users receive a security email notification, they can send a report by clicking Report Suspicious Activity. Once they review the activity, they can confirm and complete the report.
Fixes
OKTA-410593
When building child flows, users couldn’t change the default value of input fields for the Child Flow card whose Field Type was Number.
Connectors
Connector Updates
Dropbox for Business
For the Dropbox for Business connector, the following action cards are now available:
-
Download File
-
Search Files or Folders
-
Upload File
Note: You must re-authenticate your existing connection or create a new connection to Dropbox for Business to use the new cards, as they require the following new scopes:
-
files.metadata.read
-
files.content.read
-
files.content.write
-
team_data.member
Freshservice
The Freshservice connector is now available with the following action and event cards:
-
Create Ticket
-
Delete Ticket
-
New Ticket (event)
-
Read Ticket
-
Search Tickets
-
Search Users
-
Ticket Updated (event)
-
Update Ticket
The Search Tickets and Search Users action cards support streaming.

Features and Enhancements
Templates
The Capture phishing events from GoPhish template is now available in Preview and Production environments.
This template listens to phishing events captured by GoPhish when a user opens a email phishing link or submits information or credentials to a phishing page. This information can be used by Okta to change login procedures and reset user credentials upon security events.
The Suspicious Activity Reported template is now available in Preview and Production environments.
This template provides an end user with the option to report unrecognized activity from an account activity email notification. When end users receive a security email notification, they can send a report by clicking Report Suspicious Activity. Once they review the activity, they can confirm and complete the report.
Connectors
Connector Updates
Shopify
For the Shopify connector, the Delete Customer action card is now available.
See Shopify connector.

Features and Enhancements
Updated descriptions for Box connector cards
In the Workflows interface, updated descriptions and improved search results for event and action cards are now available for the Box connector.
Connectors
Connector Updates
Box
For the Box connector, the following action cards are now available:
-
Download File
-
Upload File
See Box connector.
Google Drive
For the Google Drive connector, the Download File action card is now available.
Office 365 Admin
For the Office 365 Admin connector, unsupported input fields have been removed from the following action cards:
-
Search Groups
-
Search Users
-
Update User

New documentation site for Workflows
Workflows now has its own dedicated help site: Workflows.
This enhancement offers direct access to independent online help for Workflows from help.okta.com. The new site provides several benefits:
-
Compactly designed, product-centric content
-
Streamlined navigation
-
More efficient content updates and responsiveness to customer feedback
Features and Enhancements
Loading spinner for tables
On the Tables tab, an animated loading spinner is now displayed when all rows are being deleted.
Fixes
OKTA-383256
When a flow was first opened, it wasn’t displayed in the Workflows interface until the automatic testing of the connections that are used in that flow was completed.
OKTA-402818
When a template was installed more than once, some template flows didn’t appear in their folders.
OKTA-404395
When viewing the contents of a folder, admins couldn't access the list of flows if the tables from that folder failed to load.
OKTA-409054
For the Zoom connector, the Delete User action card didn’t return a status code when a user profile was deleted.
Connectors
New Connectors
Freshservice
The Freshservice connector is now available with the following action cards:
-
Create User
-
Custom API Action
-
Deactivate User
-
Read User
-
Update User
Connector Updates
SendGrid
For the SendGrid connector, the Send Email action card is now available.
See SendGrid connector.
Zoom
For the Zoom connector, several enhancements are now available:
-
The Delete User card now supports the disassociating of users and the transfer of assets. Admins can disassociate a user from a paid plan and allow the transfer of recordings, meetings, and webinars to another user. See Delete User.
-
The Custom API Action card now allows admins to select the Zoom API or SCIM API. See Custom API Action.
-
The
users/user:write:admin
scope enables the Delete User and Custom API Action cards to call the Zoom API to perform the disassociate and transfer use cases.

Features and Enhancements
Okta Workflows applications exempt from application limit
Okta Workflows applications that are provisioned no longer count towards the organization’s total application count. This enhancement allows admins to add more applications.
Templates
The Special Character Validation and Substitution template is now available in Preview and Production environments.
This template identifies some of the most common special or invalid characters in user names and provides substitutions. The validated or repaired name is then placed in a user profile attribute in Okta. The original name is preserved for display purposes and the updated name is used for technical purposes.
Fixes
OKTA-387863
For the GitHub connector, the Search Users action card sometimes failed to return a boolean value for the Active output field.
OKTA-399617
Several unsupported encryption algorithms were listed on the following Encryption function cards:
-
Decrypt
-
Encrypt
-
Hash
-
HMAC
-
Sign
OKTA-403530, OKTA-403531
For the Google Workspace Admin connector, a 404 error code was returned if a null or empty string value was used in the ID input fields of these action cards:
-
Activate User
-
Deactivate User
OKTA-405314
For the Salesforce connector, a 204 error was returned if the Feature Licenses option was selected and an invalid value was used for the User ID input field on the Remove User Entitlements action card.
OKTA-405844
When a table import took an excessive amount of time, a timeout error was returned erroneously but the process continued in the background.
OKTA-407111
A table’s display wasn't refreshed after all its rows were deleted.
Connectors
Connector Updates
Okta
For the Okta connector, updated descriptions for event cards are now available in the Workflows interface in Preview environments.

Connectors
Connector Updates
Google Drive
For the Google Drive connector, support for shared drives is available for the following action cards:
-
Copy File
-
Create Folder
-
Create Permission
-
Update File Info
-
Update File Permission
-
Update Folder Info

Fixes
OKTA-377495
For the Gmail connector, the Service Account drop-down field in the Options section of action cards did not list all available accounts.
OKTA-391224
For the Google Workspace Admin connector, the Read User Licenses card didn’t produce license information for all users in a search query.
OKTA-399378
The Workflows platform experienced performance issues that caused timeout errors and delayed flow executions.
Connectors
Connector Updates
Google Calendar
For the Google Calendar connector, the following action cards are now available:
-
Add User To Calendar
-
Remove User From Calendar
-
Search Rooms
Google Workspace
For the Google Workspace Admin connector, the Create User card is now updated. The Is Admin? and Is Delegated Admin? boolean input fields are no longer available when the action card is added to new or existing flows. Where the Create User action card is already part of an existing flow, the input fields will remain.
For the Google Workspace Admin connector, the section header for the Status Code output field has been updated from Response to Result for the following action cards:
-
Activate User
-
Add Address to User
-
Add Email to User
-
Add External ID to User
-
Add Relation to User
-
Add User to Group
-
Assign License to User
-
Deactivate User
-
Delete User
-
Delete User Access Token
-
Delete User Alias
-
Delete User ASP
-
Delete User Device
-
Invalidate User Verification Code
-
Make User Admin
-
Perform Device Action
-
Remove User from Group
-
Unassign License from User
-
Update User
Jira
For the Jira connector, the Update Issue card now returns an error message if a custom field is used that is not already configured for the Jira issue type.
See Jira connector.

Fixes
OKTA-403288
In List function cards, the attribute for an output field appeared as Object even if it was set to another type.
Connectors
Connector Updates
Okta
For the Okta connector, the following event cards are now available:
-
User MFA
-
User MFA Factor Activated
-
User MFA Factor Deactivated
-
User MFA Factor Reset All
For the Okta connector, the Application Created event card now has four additional output fields for an Okta user:
-
ID
-
Alternate ID
-
Display Name
-
Type
See Okta connector.

Features and Enhancements
Enhancements to the Add app action menu for API Connector
The Add app action menu for API Connector cards has been enhanced for better usability.
Character limits for folder names on the Home page
The character limit has been removed for folder names displayed above a flow list on the Workflows home page.
Updated descriptions for ServiceNow cards in the Workflows interface
For the ServiceNow connector, updated descriptions and improved search results for event and action cards are now available in the Workflows interface.
Fixes
OKTA-379325
Flow executions didn't run on the defined monthly cadence if they were set up with the Flow Schedule dialog.
OKTA-392558
When a card was added to two different stages of a flow, two instances of the Add app action menu appeared in Workflows designer simultaneously.
OKTA-393889
For OAuth connectors, file upload and download cards and their attachments received a 400 status code (Unknown Error) if they entered OAuth refresh.
OKTA-396050
For the OneTrust connector, an ambiguous error message was returned when invalid credentials were used for a connection.
OKTA-397144
The following function cards which were not intended for general availability were accessible in Workflows environments:
-
CSV - Decode
-
CSV - Encode
-
List - Map
Connectors
Connector Updates
Evident ID
For the EvidentID connector, the following action cards are now available:
-
Create Verification Request (action)
-
Read Verification Results (action)
-
Search Request Templates (action)
-
Verification Request Completed (event)
-
Verification Request Created (event)
-
Verification Request Submission Completed (event)
See Evident ID connector.
Google Workspace
For the Google Workspace Admin connector, updated error messages are now available for the following action cards:
-
Delete User Access Token
-
Delete User ASP
-
Delete User Device
-
Invalidate User Verification Code
-
Perform Device Action
-
Read All User Access Tokens
-
Read All User ASPs
-
Read All User Devices
-
Read All Verification Codes
Several enhancements are now available for the Update User action card:
-
The Is Admin? and Is Delegated Admin? boolean input fields are no longer available when the action card is added to new or existing flows. Where the Update User action card is already part of an existing flow, the input fields will remain.
-
The Archive? boolean input field has been added. The Archive? field requires the G Suite Business - Archived User add-on.
On the Read User action card, the Is Archived? boolean input field has been added.
Okta
For the Okta connector, streaming is now available in Preview for the following action cards:
-
Find Users
-
List Users with Filter
-
List Users with Search
Instead of producing a list of search results, streaming allows Workflows admins to circumvent limits on the number of records that be produced in a search and pass those results to a child flow.
See Okta connector.
OneTrust
For the OneTrust connector, the following action cards are now available:
-
Create Data Subject
-
Read Data Subject
-
Search Data Subjects
-
Update Data Subject
See OneTrust connector.
ServiceNow
For the ServiceNow connector, the following action cards are now available:
-
Download Attachment
-
Upload Attachment
See ServiceNow connector.

Features and Enhancements
Updated descriptions for cards in the Workflows interface
In the Workflows interface, updated descriptions and improved search results for event and action cards are now available for the Jira Service Desk connector.
Templates
The Reference an on-premises LDAP Mulesoft template is now available.
This template provides instructions on how to use Mulesoft Anypoint to allow Okta Workflows to reference an on-premises Lightweight Directory Access Protocol (LDAP) repository.

Features and Enhancements
Updated descriptions for cards in the Workflows interface
For the PagerDuty connector, updated descriptions and improved search results for event and action cards are now available in the Workflows interface.
Fixes
OKTA-390060
For the Office 365 Mail connector, users who attempted to use the Send Email action card received an Error Quota Exceeded
error message.
Connectors
Connector Updates
Okta
For the Okta connector, the following action cards are now available:
-
Delete Linked Object Value
-
Get Associated Linked Object Values
-
Get Primary Linked Object Value
-
Set Linked Object Value for Primary
See Okta connector.

Features and Enhancements
Updated descriptions for action cards
In the Workflows interface, updated action card descriptions are now available for the following connectors:
-
Advanced Server Access
Fixes
OKTA-394689
The Search Users action card for the DocuSign connector sometimes ran for a long time without returning any results.
OKTA-386777
Files couldn't be downloaded from a card's Test output.
Connectors
Connector Updates
Zendesk
For the Zendesk connector, the following event cards are now available:
-
Download Attachment
-
Read Ticket Attachments
-
Upload Attachment
See Zendesk connector.
Functions
Function Enhancements
New CSV functions added
The following new CSV function cards have been added for Workflows environments created through Okta:
- Decode: Decode a CSV string into a list of objects.
- Encode: Encode a list of objects into a CSV string.
New List functions added
The following new List function cards have been added for Workflows environments created through Okta:
-
Combine All: Concatenate multiple lists into one list.
-
Group By: Group a list by values specified at a path index.
-
Map Objects: Map a list of objects onto another group of objects using a mapping.
-
Split: Split a list at the provided index.
-
Statistics: Read stats about a list of numbers.
-
Swap: Swap two elements in a list.
New Object functions added
The following new Object function cards have been added for Workflows environments created through Okta:
-
Collapse: Collapse a list of objects with key and value properties into a single object, removing duplicates.
-
Split: Split an object into a list of objects, each with key and value properties.

Features and Enhancements
Ability to clear all table data
In the Workflows designer, to clear data in a table, the Delete All Rows button is now available.
Help when creating new flows
The Workflows interface has been enhanced for clearer guidance when creating new flows.
Enhancements to HTTP cards
The HTTP function card grouping is now named API Connector, and the cards in the grouping have undergone minor design enhancements.
To facilitate access, API Connector cards are now available from both the App Action and Function menus. Additionally, in the App Action menu, if a search for connectors produces null results, a link to the API Connector card grouping appears in the search dialog box.
API Connector cards allow a user to make an API call to any public-facing third-party API endpoint that isn’t already available in Workflows.
Improved Suggest an app dialog
In the Workflows App Action menu, the Suggest an app dialog now allows for additional details in a new request or suggestion.
Fixes
OKTA-387737
When a flow that referenced a deleted table was imported, the Import dialog box included an unexpected prompt to enter a table ID manually.
Functions
Function Enhancements
New CSV functions added
The following new CSV function cards have been added for Workflows environments created through Okta:
- Decode: Decode a CSV string into a list of objects.
- Encode: Encode a list of objects into a CSV string.
New List functions added
The following new List function cards have been added for Workflows environments created through Okta:
-
Combine All: Concatenate multiple lists into one list.
-
Group By: Group a list by values specified at a path index.
-
Map Objects: Map a list of objects onto another group of objects using a mapping.
-
Split: Split a list at the provided index.
-
Statistics: Read stats about a list of numbers.
-
Swap: Swap two elements in a list.
New Object functions added
The following new Object function cards have been added for Workflows environments created through Okta:
-
Collapse: Collapse a list of objects with key and value properties into a single object, removing duplicates.
-
Split: Split an object into a list of objects, each with key and value properties.

Features and Enhancements
Updated descriptions for cards in the Workflows interface
In the Workflows App Action and Add Event menus, updated descriptions and improved search results for event and action cards are now available for the following connectors:
-
Google Workspace
-
Slack
Updated descriptions are now also available for Tables function cards.
Fixes
OKTA-377108
For the Office 365 Mail connector, a Message ID is empty
error message was returned after an email was sent.
OKTA-380602
For Child Flow event cards, the input field type Folder was available in Workflows even when it was an invalid option. As a result, when a new input field of the type Folder was added to a Child Flow event card, the error message Choose a unique name
was returned.
Connectors
New Connectors
Shopify
The Shopify connector is now available with the following action cards:
-
Add Address to Customer
-
Create Customer
-
Custom API Action
-
Read Customer
-
Search Customers
-
Update Customer
See Shopify connector.
Connector Updates
Slack
For the Slack connector, support for a channel name input is now available. The Channel ID or Name and Channel Type input fields are now available on the Send Message to Channel action card. See Send Message to Channel.

Features and Enhancements
Templates
The following templates are now available:
-
Manage AWS SSO: The AWS SSO connector allows entitlements (accounts and permission sets) to be added and removed for Okta and AWS users and groups. The flows in this template are triggered when an Okta user is added to or removed from an Okta group. The Okta group holds the entitlements, and the user is updated accordingly in AWS.
-
New User Registration: For customer identity and access management use cases, this template demonstrates how to implement custom processing of new users within the specific context of a business unit, locale, or brand.
-
OnFido Create Applicant: For identity verification, this template creates an OnFido applicant using a User Created event card for the Okta connector and saves the applicant ID in the user’s Okta profile.
-
Remote Sync: This template provides an easy-to-implement, fully customizable method to update a remote system that serves as the identity information source in Okta with CRUD (create, update, and delete) operations.
Fixes
OKTA-336920
When an event hook for the Okta connector failed to be verified during a flow's activation, the hook wasn’t deactivated or deleted.
OKTA-365441
For the Salesforce connector, the following action cards now include a Country input field:
-
Create User
-
Update User
The following action cards now include a Country output field:
-
Read User
-
Search Users
Connectors
New Connectors
HubSpot CRM
The HubSpot CRM connector is now available with the following action cards:
-
Associate Contact with Another Object
-
Create Contact
-
Custom API Action
-
Delete Contact
-
Read Company
-
Read Contact
-
Remove Association between Contact and Another Object
-
Search Companies
-
Search Contacts
-
Update Contact

Features and Enhancements
Updated descriptions for cards in Workflows interface
In the Workflows App Action menu, updated descriptions and improved search results for event and action cards are now available for the following connectors:
-
AWS Lambda
-
Google Cloud Functions
-
Slack Admin
Fixes
OKTA-372805
Admins were able to change connections on event cards for connected apps without initially stopping a flow. By doing so, event hooks were left in an active state, thus negatively impacting the number of event hooks that were available to admins in an org.
Connectors
New Connectors
AWS SSO
The AWS SSO connector is now available with the following action cards:
-
Add AWS Entitlements
-
List AWS Entitlements
-
List Instances
-
Remove All AWS Entitlements
-
Remove AWS Entitlements
SendGrid
The SendGrid connector is now available with the following action cards:
-
Add Contact to List
-
Create Contact
-
Create List
-
Create Single Send
-
Custom API Action
-
Delete Contact
-
Read Contact
-
Read Contact Job
-
Schedule Single Send
-
Search Contacts
-
Update Contact
See SendGrid connector.
Connector Updates
Okta
For the Okta connector, the following event cards are now available:
-
Application Activated
-
Application Created
-
Application Deactivated
-
Application Deleted
-
Application Updated
-
User Password Imported
See Okta connector.

Features and Enhancements
Updated descriptions for cards in Workflows interface
In the Workflows App Action menu, updated descriptions and improved search results for event and action cards are now available for the following connectors:
-
Advanced Server Access
-
Office 365 Admin
-
PagerDuty
-
Smartsheet
-
Zendesk
Fixes
OKTA-343673
Action cards couldn’t be dragged inside an If Error function card.
OKTA-374918
If a folder name contained Japanese characters, administrators exporting the folder received a time-out error.
Connectors
New Connectors
AWS SSO
The AWS SSO connector is now available with the following action cards:
-
Add AWS Entitlements
-
List AWS Entitlements
-
List Instances
-
Remove All AWS Entitlements
-
Remove AWS Entitlements
Connector Updates
Zendesk
For the Zendesk connector, the following action cards are now available:
-
Download Attachment
-
Read Ticket Attachments
-
Upload Attachment
See Zendesk connector.

Fixes
OKTA-364938
If an action card with a defined output was dragged from one If/Else block to another, Workflows Designer encountered an error.
OKTA-367838
After the Edit card option was selected from the Settings menu (gear icon) on an event card, changes to the card weren't saved and the Save button remained static.
OKTA-370859
Workflows Designer encountered an error unexpectedly when an input field type of string, number, or object was clicked within the Test dialog.

Features and Enhancements
Enhanced navigation and interface elements for flows and tables
The Workflows platform interface has been enhanced for easier navigation, search, and use of flows and tables. Within each folder, there are new Flow and Table tabs to help navigate between flows and tables, as well as a new search field to find specific flows and tables. Users can now see the number of flows and tables that are saved within a folder and keep track of changes with updated counts as flows and tables are moved from folder to folder.
Updated descriptions for cards in Workflows interface
In the Workflows App Action menu, updated descriptions and improved search results for event and action cards are now available for the Proofpoint connector.
Select a spreadsheet by ID in the Google Sheets connector
In the Google Sheets connector, the ability to specify a spreadsheet by ID is now available for the following cards:
-
New Row (event)
-
Clear Row
-
Copy Spreadsheet
-
Copy Worksheet
-
Create Row
-
Create Worksheet
-
Delete Row
-
Read Cell
-
Read Column
-
Read Row
-
Read Worksheet Info
-
Search Column
-
Update Cell
-
Update Row

Features and Enhancements
Updated descriptions for action cards in Workflows interface
In the Workflows App Action menu, updated descriptions and improved search results for event and action cards are now available for the following connectors:
-
Atlassian Admin
-
Jira
Fixes
OKTA-369643
The search results drop-down list for Templates didn’t contract after the View all results option was selected.
Connectors
New Connectors
Mixpanel
The Mixpanel connector is now available with the following action cards:
-
Create Profile
-
Create Track Events
-
Custom API Action
-
Delete Profile
-
Read Profile
-
Search Profiles
-
Search Track Events
-
Update Profile
See Mixpanel connector.

Fixes
OKTA-355415
For the Google Sheets connector, the New Row event card triggered a Flow even if a new row wasn’t added to a Google spreadsheet, and conversely didn’t detect new rows when they were added to a Google spreadsheet.
OKTA-356183
In the Tables Update Row function card, fields with null values couldn’t be added to a table. Updates only took place when fields contained data.
OKTA-362760
For the PagerDuty connector, the Create Incident action card didn’t return all the integration keys of a user in the Incident Key output field.
OKTA-368719
On event and action cards, a Set options and click “Save” message appeared even after fields in the Options section were chosen.

Upgrade for Slack Admin and Slack connectors
Based on anticipated changes to the Slack API, Okta will release upgrades to several cards for the Slack Admin and Slack connectors.
You’ll need to take action to fix Flows that are impacted by these upgrades. See Slack Admin Migration Guide.
Summary of Upgrades
-
Upgrade of Version 1 to Version 2 of the Slack OAuth 2.0 spec to provide more granular Slack scopes. See Installing with OAuth.
-
Upgrade to the new Slack Conversations API to replace the scheduled deprecation of older methods.
-
Enhancements to multiple existing Slack connector cards for privacy of user data and better user experience.
-
Performance optimization.
Slack Admin connector
For the Slack Admin connector, the Update User card will include a Set Empty Field drop-down option.
While you don’t need to replace this card, it is recommended that you reauthorize the Slack connection for it.
Slack connector
Deprecated cards
The Send Slackbot Message action card will be deprecated.
Cards with severe impact
The Custom API Action card will no longer support the following API endpoints:
-
channels.*
-
groups.*
-
im.*
-
mpim.*
-
channels.history
-
conversations.history
-
pins.list
-
conversations.replies
-
conversations.list
-
chat.scheduledMessages.list
The New Pinned Message event card will trigger a Flow when there’s a new pinned message within any container message.
An active Flow will no longer run if it contains any of the following updated cards:
-
Archive Channel
-
Join Channel
-
Leave Channel
-
Read Message History
To repair a Flow and include these upgraded cards, you must establish a new connection, remove the existing card, and replace it with the new version of the card.
Cards with moderate impact
The Slack connector will continue to function until you either create a new connection or reauthorize the connection for the following cards:
-
New Message in Private Channel
-
Invite User to Channel
-
Send Message to Channel
After you’ve updated the connection, you will need to remove the existing card and replace it with the new version of the card.
Cards with low impact
The following cards will have enhanced functionality but no impact on existing Flows:
-
Create Channel
-
New Message in Channel
-
Read User
-
Respond to Command - Delayed
-
Respond to Command - Real Time
-
Search Channels
-
Send Direct Message
-
Slash Command
While you don’t need to replace these cards, it is recommended that you reauthorize the Slack connection for each of them.
Fixes
OKTA-356001
For the Office 365 Mail connector, the following action cards didn’t produce a value in the Message ID output field:
-
Forward Email
-
Reply to Email
-
Send Email
Connectors
Connector Updates
GitHub
For the GitHub connector, the Create Pull Request action card is now available. See GitHub connector.

Features and Enhancements
General Availability of Workflows
Okta Workflows is now Generally Available for additional customers in the APAC cell.
Okta Workflows is an interface-driven, no-code platform for business process automation that provides integration with some of the most widely used third-party APIs in the industry, including Box, Slack, Salesforce, and Google Workspace. See Okta Workflows.
Deployment is taking place over the course of several days to entitled orgs.
To access Workflows, select the Workflow > Workflows console menu option from the Okta Admin Console.
General Availability of Workflows Templates
Templates for Okta Workflows is now Generally Available. Templates include sample Flows, documentation, and demo videos for use cases achievable with the Workflows platform. Users can search Templates within the Workflows platform and download Flows directly into their environment so that they can configure and activate quickly and easily. See Get started with Workflows Templates.
Enhanced navigation between Flows, child Flows, and tables
The interface for the Workflows platform has been enhanced for better navigation between Flows, child Flows, and tables. Workflows users can now more easily determine the folder where a Flow is stored, access related Flows within the same folder, and search for or open child Flows in a separate browser tab using a Choose a Child Flow dialog. See Export and import flows
Fixes
OKTA-332379
Some cards incorrectly had an Options menu.

Features and Enhancements
Import or export a single Flow
This feature allows admins to export and import a single Flow. Previously, admins could only export or import a collection of Flows located in the same folder within Workflows. With this feature admins can easily share individual Flows of their choosing across different Workflows environments. For example, admins can share Flows between Preview and Production orgs, across different orgs in a single tenant, or share Flows with other builders. See Export and import flows.
Fixes
OKTA-357580
After signing in to a protected page, admins were redirected to the Workflows home page, instead of the page they intended to access.
OKTA-360841
In the Update User action card for the Salesforce connector, when either ISO-8859-1
or General US & Western Europe (ISO-8859–1, ISO-LATIN-1)
is selected from the Email Encoding dropdown, the Flow failed.
Connectors
Connector Updates
G Suite Admin
Some action cards for the G Suite Admin connector didn’t contain output fields. The following cards have been updated with a Status Code output field:
-
Add Address to User
-
Add Email to User
-
Add External ID to User
-
Add Relation To User
-
Add User to Group
-
Assign License to User
-
Create Custom Schema
-
Delete User Alias
-
Make User Admin
-
Remove User from Group
-
Unassign License from User
-
Update User
GitHub
For the GitHub connector, the following action cards are now available:
-
Create Branch
-
Create File Content
-
Read Issue
-
Read Repository
-
Search Branches
-
Update File Content
See GitHub connector.

Fixes
OKTA-332465
When saving a Flow that contained a List For Each - Ignore Errors function card, a 504 Gateway Timeout error occurred, preventing the Flow from being saved.
OKTA-358176
The Date & Time Now function card produced an incorrect value in the Year output field if the first week of the year didn’t start on a Monday.

Special Announcement
Okta Workflows is now Generally Available.
Okta Workflows is an interface-driven, no-code platform for business process automation that provides integration with some of the most widely used third-party APIs in the industry, including Box, Slack, Salesforce, and G Suite Admin. See Okta Workflows.
Deployment is taking place over the course of several days to entitled orgs with the following SKUs:
-
IT Products - Advanced Lifecycle Management
-
Legacy SKU: IT Products - Lifecycle Management, Unlimited
-
Legacy SKU: IT Products - Lifecycle Management, Unlimited OIN Apps
-
Legacy SKU: IT Products - Lifecycle Management, 10 OIN Apps
APAC and HIPAA cells are excluded.
To access Workflows, select the Workflow > Workflows console menu option from the Okta Admin Console.
Features and Enhancements
Availability of Workflows Templates
Workflows Templates is now available, providing users with access to a searchable catalog of installable Flows that address many common use cases. See Get started with Workflows Templates.
Ability to pin an event card to a Flow
In Workflows Designer, the ability to pin an event card has been enhanced for better discoverability, allowing users to scroll through a Flow while keeping an event card in a static position.
Fixes
OKTA-352336
In the G Suite Admin connector, the Search Groups card failed if one or more spaces were used in the Name field to query for groups.
OKTA-355836
The Workflows Templates interface has been enhanced for clearer display of the number of connectors, Flows, and tables that are included in a template.

Fixes
OKTA-316032
In the Dropbox for Business connector, a No User ID Provided
error message didn’t appear for the Update User action card when a null value was added to the User ID field.
OKTA-316044
In the Dropbox for Business connector, a No values provided for Update User
error message didn’t appear for the Update User action card when null values were returned for all fields except User ID.
OKTA-345995
The Search Rows function card only read the first 1,000 rows of a table.
OKTA-347410
In the Slack connector, the New Message in Private Channel event card didn’t display every private channel in a Workflows user’s Slack instance.
OKTA-352359
In the Create User action card for the Salesforce connector, a Flow failed when either of the following options was selected in the Email Encoding drop-down field:
-
ISO-8859-1
-
General US & Western Europe (ISO-8859–1, ISO-LATIN-1)
Connectors
New Connectors
Advanced Server Access
The Advanced Server Access connector is now available with the Create PreAuthorization action card.

Fixes
OKTA-309495
In the PagerDuty connector, the Read Service action card didn’t populate fields in the Scheduled Actions output section.
OKTA-310618
In the PagerDuty connector, an error message wasn’t displayed for the Search User action card when the User Email input field contained a null value.
OKTA-310773
In the PagerDuty connector, the Update User action failed to update the URL for a user’s avatar.
OKTA-311983
In the PagerDuty connector, the Create User action card accepted invalid data in the Email input field.
OKTA-312007
In the PagerDuty connector, the Read Incident action card didn’t check for null values.
OKTA-312692
In the PagerDuty connector, the Create Incident action card didn’t check for null values in the Contexts - URL and Contexts - Text input fields.
OKTA-348822
In the PagerDuty connector, the Update Incident action card failed to display its input and output fields.
OKTA-352437
A large amount of white space appeared between the list of event cards for any connector and the feedback form.
Connectors
New Connectors
SmartRecruiters
The SmartRecruiters connector is now available with the following Action cards:
-
Add User to Group
-
Create User
-
Custom API Action
-
Deactivate User
-
Read User
-
Remove User from Group
-
Search Groups
-
Search Users
-
Update User
Connector Updates
Excel Online
The custom revocation of access tokens for the Excel Online connector is now available. An alert message appears if you try to revoke a token from a connector that doesn't support revocation.
For the Excel Online connector, the Read Worksheet Info action card is now available.
For the Excel Online connector, the following updates are now available:
-
The Search Rows by Column action card has a Row ID output field.
-
The Read All Rows action card can read up to 500,000 rows.
PagerDuty
For the PagerDuty connector, the Search User action card now supports pagination.
Salesforce
For the Salesforce connector, the following Action cards are now available:
-
Get All Permission Set Licenses
-
List User Permission Assignments
-
Remove User Entitlements
See Salesforce connector.

Features and Enhancements
Settings tab renamed as Connections
The Settings tab in the Okta Workflows Console is now called Connections.
Enhancements to Workflows Templates interface
The Workflows Templates interface has been enhanced for better discoverability and user experience.
Fixes
OKTA-345289
When users attempted to access the Workflows console, a 500 Internal Server Error
response was returned.
OKTA-325035
In scheduled flows, the Upload File action card for the Google Drive connector lost its connection after an unspecified amount of time.
Connectors
Connector Updates
Asana
For the Asana connector, the following action cards are now available:
-
Add Task
-
Create Project
-
Read Project
-
Read Project Tasks
-
Search Projects
-
Search Tasks
-
Search Teams
See the Asana connector.
GitHub
For the GitHub connector, the following action cards are now available:
-
Create Issue
-
Read Pull Request
-
Update Issue
-
Update Pull Request
See the GitHub connector.

Fixes
OKTA-330302
Renaming card fields caused browser errors in some environments.
OKTA-332460
Values from Object-type fields did not appear in the "Test this card" dialog boxes.
OKTA-349329
In the Okta connector, application management cards (such as List Users Assigned to an Application) displayed no applications in the drop-down field. Using any of these cards caused a loading error.
OKTA-347107
When unsuccessful authorizations occurred using the Google Drive connector, an ambiguous error message appeared in the connection dialog.
Connectors
Connector Updates
Gmail
G Suite email accounts are now required for authorization.
In the Send Email with Attachment action card, the Email - To field is now required, and the Body field must be chosen when including an attachment. See Send Email with Attachment.
The New Email event card now supports pagination. See New Email.
The Update User Gmail Settings action card is now available. See Update User Gmail Settings.
Zendesk
For the Zendesk connector, the Remove User from Organization action card is now available. See Remove User from Organization.

Fixes
OKTA-284196
In the Salesforce connector, the Update User action card didn’t have an output section.
OKTA-309997, OKTA-310318, OKTA-310333
In the Salesforce connector, the correct error message wasn’t displayed when a field contained a null or invalid value in the following action cards:
- Upload Record
- Upload Document
- Upload Attachment
OKTA-311976
In the Salesforce connector, the Transfer Leads action card didn’t transfer all leads as expected.
Connectors
Connector Updates
G Suite Admin
Okta is focused on the adoption of inclusive language and communication. Some long-standing industry terminology and expressions have been updated as part of this initiative. In the G Suite Admin connector, whitelist is now referred to as allow list.
GitHub
For the GitHub connector, the Custom API Action card has been updated to handle errors more effectively. Additionally, the following action cards are now available:
- Update User
- Search Users
- Read User
- Search Repositories
- Search Teams
- Search Organization
- Add User to Repository
- Remove User from Repository
- Add User to Team
- Remove User from Team
- Add User to Organization
- Remove User from Organization
See the GitHub connector.
Okta
The Update User card now includes an option to choose whether to pass empty values. See Update User.
Salesforce
For the Salesforce connector, the Search Permission Set Groups action card is now available. The Create User and Update User cards have been updated to support the new card.
See Salesforce connector.

Fixes
OKTA-316038
In the Zoom connector, the Create User and Update User action cards still allowed old Zoom user types.
OKTA-316039
In the Zoom connector, the Get User and Search User action cards didn’t return values for the following fields:
- Department
- Login Using SSO?
- Login Using Work Email?
OKTA-317628
In the Zoom connector, the following action cards didn’t check for empty required inputs before sending the request to Zoom endpoint:
- Activate User
- Deactivate User
- Delete User
- Update User
OKTA-343823
Some in-product help articles were missing the feedback form.
Connectors
Connector Updates
Zendesk
For the Zendesk connector, the following Action cards are now available:
- Delete User
- Add User to Group
- Remove User from Group
- Search Groups
- List Group Members
- Read Group
See Zendesk connector.
Zoom
For the Zoom connector, the following Action cards are now available:
- Add User to Group
- Remove User from Group
- List Group Members
- Search Groups
See Zoom connector.
Okta
For the Okta connector, the Full Details output field in all event cards has been replaced with the following fields:
- Event Details
- Headers
- Source
- Debug Data
If you are using the Full Details output field in your flows, we recommend switching to the new fields.

Fixes
OKTA-325544
In the Read User, Remove License from User, and Assign License to User action cards for the Office 365 Admin connector, some output fields were populated with unexpected null values. The fields were:
- Calendar
- Calendar Groups
- Calendar View
- Calendars
- Contact Folders
- Created Objects
- Direct Reports
- Drive
- Drives
- Events
- Extensions
- Inference Classification
- License Details
- Mail Folders
- Manager
- Member Of
- Messages
- OneNote
- Outlook
- Owned Devices
- Owned Objects
- People
- Photo
- Planner
- Preferred Data Location
- Registered Devices

Fixes
OKTA-336149
In an imported Flow pack, the most recently created or used connection for each authorized connector wasn’t assigned automatically to Event and Action cards in Flows.
Connectors
New Connectors
Docusign
The Docusign connector is now available with the following cards:
- Add Custom Envelope Field
- Add Recipient to Envelope
- Add User to Group
- Create Envelope
- Create User
- Custom API Action
- Delete User
- Download Document in Envelope
- List Groups
- List Users in Group
- Modify Custom Field in Envelope
- Read Envelope
- Read User
- Remove User from Group
- Search Custom Fields in Envelope
- Search Envelope
- Search Users
- Send Envelope
- Update User
- Upload Document to Envelope
See DocuSign connector.
Connector Updates
Asana
For Asana connector, the following Action cards are now available:
- Add User to Team
- Add Users to Project
- Create User
- Deactivate User
- List Tasks
- Read User
- Read User Tasks
- Remove User from Team
- Remove Users from Project
- Search User
- Update User
See Asana connector.

Features and Enhancements
Improved authentication for Marketo connector
The Marketo connector now has improved error handling, including URL character validation and error messaging.
Connectors
New Connectors
OneTrust
The OneTrust connector is now available with the following cards:
- Custom API Action
- Create User
- Delete User
- Read All Custom Preferences
- Read Custom Preference
- Read User
- Search Users
- Update User
See OneTrust connector.

Features and Enhancements
Improved user experience for in-product help
The in-product documentation is enhanced to provide a better user experience.
Updated user interface for feedback
The Okta Workflows feedback user interface is updated for grammatical fixes.
Fixes
OKTA-324498
In the Jira connector, the Relative URL input field for the Custom API Action card wasn’t marked as required.
OKTA-324907
In some cases, running a Flow threw an incorrect Unexpected Character error.
Connectors
New Connectors
Proofpoint
The Proofpoint connector is now available with the following cards:
- Custom API Action
- Read Permitted Malicious Links
- Read Delivered Malicious Messages
- Read Compromised User
- New Permitted Malicious Link (Event)
See the connector docs.
Connector Updates
G Suite
The following cards are now available for the G Suite connector:
- Search Groups
- List Group Members

Connectors
New Connectors
GitHub
The GitHub connector is now available with the Custom API Action card. See the connector docs.

Fixes
OKTA-260378
Okta Workflows displayed an error when activating a Flow that referenced a specific table in a flowpack.
OKTA-305460
The Connection section didn't appear when adding an HTTP card to a Flow using the card search.

Fixes
OKTA-316709
The Read Organization Ticket action card of the Zendesk connector returned an empty list.
OKTA-322342
In some cases, the Flows import didn’t complete.
Connectors
Connector Updates
Jira Service Desk
- The New Request, New Request in Queue, Request Updated cards have been updated to fix the following issues:
- Users couldn’t turn off Flows.
- Webhooks weren’t deregistered when Flows were stopped.
- The following cards have updated required input fields:
- Create Customer: Display Name and Email
- Remove Customer From Service Desk: Customer IDs
- Read Organization: Organization ID
- Delete Organization Property: Organization ID and Property Key

Fixes
OKTA-266936
The following Office 365 Mail connector cards didn’t return the status ID:
- Reply to Email
- Send Email
OKTA-281192
The following Office 365 Mail connector cards didn’t include the Output section:
- Reply to Email
- Forward Email
- Delete Email
OKTA-305460
The Connection section didn’t appear when adding an HTTP card using the card search.
OKTA-319243
The New Row event card for the Google Sheet connector didn’t detect new rows in some cases.
OKTA-328388H
In some cases, a Flow was stuck in the In Progress stage instead of moving forward or displaying a time-out error.

Features and Enhancements
Help menu redesign
The Workflows help menu has been enhanced for better access to support and documentation.
New feedback mechanism
Admins can now submit feedback about Workflows using the new feedback mechanism.
Custom revocation of access tokens for PagerDuty connector
You can now implement custom revocation in PagerDuty so that deleting a connection automatically revokes the associated access token. An alert message appears if you try to revoke a token from a connector that doesn't support revocation.
Fixes
OKTA-317617, OKTA-323057
For the ServiceNow connector, the Search Users and Read Users in Group cards returned unexpected null objects in the SystemID output field.
OKTA-318427
When used in a Flow with a Date & Time Convert card, a Flow Control Wait Until card returned a 500 Invalid Input
error.
OKTA-323511
In the Function search dialog box, clicking the Make a suggestion link didn’t produce a Provide Feedback popup window.
OKTA-325804
When adding a new action card to a Flow from the App Action dialog box, the inline text in the search field showed “Search applications” even though a connector was selected.
Connectors
Connector Updates
Office 365 Mail
In the Send Email card for the Office 365 Mail connector, support for attachments is now available.

This release does not have release notes.

Features and Enhancements
Improved error message for flow pack imports
If a connector or connector method isn’t upgraded automatically when a flow pack is imported, a more detailed error message now appears: The flow pack you are attempting to import contains either a connector or connector method that is not present in this environment
.
Custom revocation of access tokens for Okta connector
The custom revocation of access tokens for the Okta connector is now available. An alert message displays if you try to revoke a token from a connector that doesn't support revocation.
Fixes
OKTA-315846
In the Google Sheets connector, the Read Cell card failed because the input was incorrectly referenced.
OKTA-315669
In the Slack connector, the New Message in Channel card didn’t list all available channels.
Connectors
Connector Updates
Google Drive
You can now update files using the Update File card. See Google Drive connector.
Okta
Suspended
is now an available status in the List Users with Search and List Users with Filter cards.

Fixes
OKTA-266637
The Get Message card for the Office 365 Mail connector returned an empty result set if the MessageId field was empty.
OKTA-299422
Recursive Flow export returned a 400 error, and a recursive Flow import hung until timeout.
OKTA-301836
When importing a Flow Pack, if the Flow Pack and the environment had different versions, the import failed to save.
OKTA-304682, OKTA-304683
When the picklists were updated in the Salesforce connector, the Update Custom Picklist Values and Update Global Picklist Values cards returned a 500 Internal Server Error
response.
OKTA-311656
In the Salesforce connector, the following cards didn’t check for null values:
- Create User
- Read User
- Update User
- Deactivate User
- Activate User
- Freeze User
- Unfreeze User
- Execute Query
On the Execute Query card, the SOQL Query field was marked incorrectly as not required.
Connectors
Connector Updates
Salesforce
The following cards have been updated:
- The Execute Query now returns a maximum of 56,000 records.
- The Create User, Update User, and Read User cards now include the Federation ID field.
See Salesforce connector.

Features and Enhancements
OAuth tokens revoked when a connection is deleted
When a connection to a third-party service is deleted, Workflows now attempts to revoke any OAuth tokens related to that connection. If the token can't be revoked, admins are prompted to manage these tokens in the third-party service.
Enhanced user experience
Flow Pack import error messages have been updated for clarity and readability. The Test Flow interface has been updated with minor stylistic enhancements.
Fixes
OKTA-270225
The Jira connector’s Delete Issue card didn’t delete an issue if it included a subtask.
OKTA-276088
The Jira connector’s Dynamic Auth Custom API Action card incorrectly asked for a password instead of an API token. The Password field is renamed as API Token.
OKTA-317286
Overlap between the Created and Updated values of trace messages in high-traffic orgs resulted in a sorting error.
Connectors
New Connectors
Asana
The Asana connector is now available in Okta Workflows with the Custom API Action card. See the connector docs.
Marketo
The Marketo connector is now available in Okta Workflows with the following cards:
- Add Leads to List
- Create Lead
- Read Lead
- Read List
- Read List Leads
- Search Leads
- Search Lists
- Update Lead
See the connector docs.
Duo Security
The Duo Security connector is now available in Okta Workflows with the following cards:
- Custom API Action
- Create Users
- Update Users
- Delete Users
- Enroll Users
- Search Users
- Get Groups
- Add User to Group
- Remove User from Group
See the connector docs.
Google Drive
The Google Drive connector is now available in Okta Workflows with the following cards:
-
Create Permission
-
Delete File
-
Get File Permissions
-
Move File or Folder
-
Search Files
-
Search Folders
-
Update File Permission
-
Add Comment to File
-
Copy File
-
Create Folder
-
Read File Info
-
Read Folder Info
-
Update File Info
-
Update Folder Info
-
Create Transfer Request
-
Search Transfer Request
-
Read Transfer Request
-
File Updated (event)
-
Folder Updated (event)
-
New Comment (event)
-
Folder Created (event)
-
File Created (event)
-
Upload File
See the connector docs.
Google Calendar
The Google Calendar connector, with support for event management and transfer of ownership, is now available in Okta Workflows, and includes the following cards:
- Create New Event
- Create Reminder
- Custom API Action
- Is Free Slot
- Monitor New Events
- Monitor Updated Events
- Move Event
- Read All Calendars
- Read Available Time Slots
- Read Event Information
- Search Events
- Update Event
- Create Transfer Request
- Read Transfer Request
- Search Transfer Request
See the connector docs.
Connector Updates
Google Cloud Functions
In some cases, the Google Cloud Functions connections didn't refresh after one hour. This issue has been resolved. Please re-authenticate your connections for the changes to take effect.

Fixes
OKTA-303043
In some cases, delays in Flow execution caused the control.until module to fail with an invalid input error: Date must be past now.
OKTA-305135
The Slack connector didn’t display the correct error message when a connection failed.
OKTA-309910
The Find Custom card in the List function incorrectly returned the null value instead of -1 if the item wasn’t found.
OKTA-310594
G Suite cards didn’t allow linking to the TO, CC, and BCC fields using text string.
OKTA-310931
In Okta Preview orgs, the Return card for the Flow Control function didn't return values from a child flow to the parent flow.
OKTA-315910
In cases where a Flow’s memory exceeded 1.5 GB, significant errors may not be displayed, causing unexpected failures or inconsistent results.
Connectors
Connector Updates
Office 365 Admin
New OAuth2 apps have been installed for the Office 365 Admin connector. Please re-authorize your connections.
Excel Online
New OAuth2 apps have been installed for the Excel Online connector. Existing Excel Online connections will continue to work. However, we recommend that you re-authorize your connections.

Connectors
Connector Updates
Excel Online
New OAuth2 apps have been installed for the Excel Online connector. Existing Excel Online connections will continue to work. However, we recommend that you re-authorize your connections.
ServiceNow
In ServiceNow connector’s Create User and Search User action cards, the Sys ID input field must be 32 characters in length.

Features and Enhancements
Onboarding Enhancements: Designer toolbar buttons redesign
Workflows toolbar elements have been enhanced for better discoverability and user experience.
Fixes
OKTA-296622
In Workflows, even if a child Flow with a “Wait For” or “Wait Until” function card remained unexecuted or returned “False”, the parent Flow still returned the first item in a search.
OKTA-303103
JSON data in Workflows action cards didn’t display properly.

This release does not have release notes.

Features and Enhancements
Google Cloud Functions connector’s Invoke Function card needed an update
The Google Cloud Functions connector’s Invoke Function card has been updated to rely on the user’s service account to create a self-signed JWT token, and to work with G Suite accounts. If you’re using this card, you will need to reconfigure it. See Authorization.

Features and Enhancements
Enhanced user experience
Workflows pop-up windows have been enhanced for a better user experience.

Features and Enhancements
Maximum number of active Flows is higher
The maximum number of active simultaneous Flows in an org is now 100.
Fixes
OKTA-287577
In Gmail connector's Auto Reply card, the Subject field was optional. It is now required.
OKTA-299641
In Okta connector's Get Assigned User for Application card, the Feature Licenses, Permission sets, and Public groups fields appeared as text fields instead of list text fields.

Fixes
OKTA-292774
The Read Spreadsheet Info action card for the Google Sheets connector read the spreadsheets by name instead of by their unique Spreadsheet ID.
OKTA-292791
The Create Spreadsheet action card for the Google Sheets connector incorrectly required Spreadsheet Title in the input fields.
OKTA-294340
In the Read Row, Clear Row, Read All Rows and New Row action cards for the Google connector, worksheets with special characters in the name couldn't be selected from the params options list and the selection defaulted to the first sheet in the list.
OKTA-294678
The Create Worksheet action card for the Google Sheets connector didn't return the output field New Worksheet Name if no name for the created worksheet was provided.
Connectors
Connector Updates
Okta
The Full Details field has been removed from the Output section of the User Okta Profile Updated event card. Instead, several new fields have been added to retrieve granular information.
If you are using this card in any of your flows, please update it by selecting the appropriate granular fields for your Flow. You will also need to update other cards in the Flow to correspond to the newly selected fields. See the application reference.

Fixes
OKTA-285949
In some cases, Okta Workflows didn’t correctly pass scopes to the Google OAuth connection.

Fixes
OKTA-275305
The Search Users and Search Groups cards in the Office 365 Admin connector failed when an empty object was selected as output and All Matching Records as input.
OKTA-292637
The Office 365 Admin connector's Update User card threw a 405 error (method not allowed) when the Mailbox Settings input field was updated. This field is now removed.
Connectors
Connector Updates
ServiceNow
The following new cards have been added:
- Add User to Group: Adds a user to a group using the user's System ID and Group System ID in ServiceNow.
- Read Users in Group: Displays group members using Group System ID in ServiceNow.
- Remove User from Group: Removes a user from a group using the user's System ID and Group System ID in ServiceNow.
See the application reference.
Gmail
The following new cards have been added:
- Add Delegate: Adds a delegate with its verification status set directly to accepted, without sending any verification email.
- Forward Emails: Creates a forwarding address.
- Set Auto Reply: Configures a scheduled auto-reply.
See the application reference.
Google Sheets
The following cards have been updated for performance improvement:
- New Row
- Clear Row
- Read Row
- Read All Rows
In order for the changes to take effect, you need to re-authenticate your Google Sheet connection(s) in the Workflows console. See Connect other applications in Workflows.
Functions
New File function added
The following new cards for the File function have been added for Workflows environments created through Okta:
- Download: Downloads a file to the File System over HTTP or HTTPS.
- Upload: Uploads a file to an HTTP or HTTPS service.
- Multipart Upload: Uploads a file to an HTTP or HTTPS service that requires Multipart exchange.
- Info: Gets useful information about a file.
See the function reference.

Features and Enhancements
Scopes updated for Okta connector
The following scopes have been added to the Okta connector to match the available scopes in the Okta Workflows OAuth app in the Okta Admin Console.
- okta.factors.manage
- okta.factors.read
- okta.inlineHooks.manage
- okta.inlineHooks.read
- okta.policies.manage
- okta.policies.read
- okta.roles.manage
- okta.roles.read
- okta.schemas.manage
- okta.linkedObjects.manage
- okta.linkedObjects.read
Okta Workflows OAuth app does not grant these scopes by default. To use these scopes, go to your Okta Admin Console > Okta Workflows Oauth app > Okat API Scopes and grant the scopes. Then in the Workflows Console, re-authorize the connection(s). See Authorizing an Account.
Fixes
OKTA-290779
The Update Row card for the Tables function incorrectly updated all rows if the Row Id field was empty. This field is now required.

Connectors
Connector Updates
The following cards have been updated:
ServiceNow
Event cards:
- New Incident
- Updated Incident
See the app reference.

Features and Enhancements
Improved Search Column card to return all matched columns
The Search Column card for the Google Sheets connector is improved to return all matched columns. The card now allows you to select First matching row or All matching rows.
Fixes
OKTA-259959, OKTA-259978, OKTA-260390, OKTA-261252
The following cards for the Google Sheets connector returned a 404 error when the Row Number input field was empty: Clear Row, Delete Row, Read Row, Update Row. This field is now made required.
OKTA-260204
The Read All Spreadsheets card for the Google Sheets connector incorrectly returned deleted sheets.
OKTA 260205, OKTA-260399
The following cards for the Google Sheets connector failed when the Coordinates input field was empty: Read Cell, Update Cell. This field is now made required.
OKTA-260371
The Spreadsheet Info cards for the Google Sheets connector failed when the Spreadsheet Name input field was empty. This field is now made required.
OKTA-267058
The Workflow session did not silently refresh to check if the corresponding Okta session was active.
OKTA-282384
In some cases, a flow running on the Node engine didn't save history.
OKTA-289515
The List Difference Function card didn’t properly sort differences between two list outputs.
OKTA-284779
Multiple actions or events for the Okta connector failed to load Applications and Application Instances in a drop down list. The Okta connector can now load up to 1000 Applications and 2000 Application Instances. A new input field App Instance Id is added as an alternative to the drop down lists.
OKTA-284892
Type and Role fields didn’t match in some action cards for Box.
OKTA-290615
In some cases, an HTTP POST request incorrectly used auth_token even when an OAuth access token was set.

Features and Enhancements
Authenticated HTTP connections added
Authenticated HTTP connections to third-party services is added. See the Function Reference.
Distinction made between internal and external 500 errors
In Workflows, a 500 error is more clearly distinguished between an internal file system error and an error from an external service.
Fixes
General Fixes
OKTA-288445
When attempting authorization of two different Slack Admin connections to different Slack instances from within the same browser session, using different applications caused a failure.
OKTA-284299
The Monitor for New Row Event card for the Google Sheets connector checked for new data more frequently than five minute intervals.
Connectors
New Connectors
Following new connectors are now available in Okta Workflows:
- Airtable, see the app reference.
- AWS Lambda, see the app reference.
- Data Grail, see the app reference.
- EvidentID, see the app reference.
- Excel online, see the app reference.
- Google Cloud Functions, see the app reference.
- Jira, see the app reference.
- Jira service desk, see the app reference.
- Smartsheet, see the app reference.
- Zendesk, see the app reference.