Okta Workflows release notes (2025)

2025.06.0

Jamf Pro API connector updated

The Jamf Pro API connector has been updated to include the Send MDM Command card. Also, the Refresh Bearer Token card now supports API Client Authorization.

Workflows onboarding for new users

Now when a user signs in to Workflows for the first time, they're presented with an onboarding questionnaire. The questionnaire allows users to indicate their automation goals and level of familiarity. This allows Workflows to tailor the onboarding experience to the user's needs.

Secondary row sorting for execution history

Now when two or more steps in a flow have the same start time, the Execution History pane sorts them according to the timestamp for the final event in the card. See Flow execution history.

Improvements to workflow metrics

On the Flows tab of Connector Builder, the Execution History pane now displays metrics for the flow. See Flow execution history.

Workflows templates

The following Okta Workflows template is now available:

New accent color modal for connections

In Connector Builder, the Settings page for a connector has a new Accent Color modal. The modal provides a better user experience for selecting an accent color. See Create and edit connector settings.

2025.05.3

Fixes in Okta Workflows

  • OKTA-901305

    In some orgs, users were unable to duplicate folders.

  • OKTA-880337

    In Windows environments, the Clear Data modal displayed incorrectly.

2025.05.2

Fixes in Okta Workflows

  • OKTA-933535

    Some flows could be saved with missing required fields.

  • OKTA-913937

    In orgs with over 200 app integrations, the API Endpoint card returned an error when an admin selected integrations to trigger the flow.

  • OKTA-914702

    In some orgs, if the key used for the JWT Verify card was a PS256 key, the card returned a The key is invalid or malformed error.

  • OKTA-936586

    Execution logs wouldn't stream to Elastic.

  • OKTA-927257

    On the Flows tab of Connector Builder, the flow history was sometimes incorrect.

  • OKTA-740694

    When a user received an email from Okta and reported it as suspicious activity, the System Log didn't record the event.

2025.05.1

Okta ITP connector

The Okta ITP connector is now available in Okta Workflows with the following cards:

Actions

Events

See Okta ITP connector.

Update to Slack connector for messages

The Send Slackbot Message card was removed as an option in 2020. It's now fully deprecated. You must update any flows using this card to avoid errors. You can remove the action card from your flows or replace them with the Send Message to Channel card.

Fixes in Okta Workflows

  • OKTA-928020

    Users could save folders, flows, or tables with only a space as the name, or with duplicate names.

  • OKTA-917405

    In Connector Builder, sometimes the authorization request failed when the OAuth 2.0 server required the inclusion of an Authorization: Basic <credentials> header.

2025.05.0

Oracle IAM connector

The Oracle IAM connector is now available in Okta Workflows with the following cards:

See Oracle IAM connector

Splunk Enterprise Security connector

The Splunk Enterprise Security connector is now available in Okta Workflows with the following cards:

See Splunk Enterprise Security connector

Execution History Inspector enhancements

The following columns have been added to the Execution History Inspector:

  • Network latency

  • Steps

  • Retries

  • Network Ingress

  • Network Egress

The following columns have been removed from the Execution History Inspector:

  • Data in

  • Data out

Fixes in Okta Workflows

  • OKTA-920704

    Super admins couldn't always access Workflows with the role-based access control (RBAC) feature enable.

  • OKTA-899768

    When using a Branching Lookup function card, result values starting with numbers and containing text weren't saved correctly.

  • OKTA-892394

    Admins couldn't create multiple GitHub connections if they had different settings.

  • OKTA-901766

    In Connector Builder, nested object output keys didn't display properly in the Groups pane.

  • OKTA-899898

    When an admin added an app action to a Preview environment, the Coupa app was sometimes listed twice.

2025.04.3

Connector Builder Terms of Service

The Connector Builder Terms of Service has been updated.

Fixes in Okta Workflows

  • OKTA-893687

    Sometimes when an admin selected a folder, the browser scrollbar was duplicated, and the page shifted slightly to the left.

  • OKTA-888824

    In environments with many folders, pages loaded slower than expected.

  • OKTA-888294

    In Connector Builder, the accent color setting appeared editable even when users didn't have permission to edit it.

  • OKTA-911831

    When using the Get Multiple object card, text would overlap within the conditions of the If/Else If block when using a long path.

2025.04.2

Workflows templates

Fixes in Okta Workflows

  • OKTA-913936

    Sometimes admins couldn't vertically scroll on a page.

  • OKTA-901756

    Sometimes when switching between the Flow and History tabs of a flow, the navbar disappeared.

  • OKTA-879937

    New SFTP connections couldn't be created using hostnames with certain characteristics.

  • OKTA-911831

    Admins couldn't set the month interval for a scheduled flow.

2025.04.1

This release includes internal improvements and fixes.

2025.04.0

Secure Identity Integrations

Secure Identity Integrations (SII) provides additional depth for the 50+ most-used enterprise SaaS applications with the inclusion of SSO, SCIM, entitlement management, Universal Logout, Connectors, and Identity Security Posture Management (ISPM).

Update to Slack connector for messages

The Send Slackbot Message card was removed as an option in 2020. It's fully deprecated as of April 16, 2025 for Preview cells and April 22, 2025 for Production cells. You must update any flows using this card to avoid errors. You can remove the action card from your flows or replace them with the Send Message to Channel card.

Disable execution log streaming by default

Previously, when you enabled and configured the Execution Log Streaming feature, all new flows had log streaming enabled by default. Now, you can set log streaming to be disabled by default for all new flows. You can enable or disable log streaming for individual flows from the Flow Builder interface. See Configure Execution Log Streaming and Manage Execution Log Streaming for individual flows.

Workflows templates

The following Okta Workflows templates are now available:

Bulk convert users to lite-users

Governance for Okta Privileged Access server resource examples

The following Okta Workflows templates have been updated:

Temporarily exempt users from MFA - updates instructions for Okta Identity Engine.

Fixes in Okta Workflows

  • OKTA-897273

    In some cases, the default scope selection wasn't retained when reauthorizing an existing connection.

  • OKTA-857273

    Users couldn't save flows with an API Endpoint card if they were configured to use OAuth 2.0.

2025.03.3

File size limit error message

Users received a "Not a valid import file" error when attempting to import folders over 10MB. Now a file size limit error displays when the limit is exceeded.

Fixes in Okta Workflows

  • OKTA-847253

    The file size limit for a folder import has increased from 10MB to 27MB.

  • OKTA-891681

    Users could select a polling frequency exceeding the 30-day limit.

  • OKTA-847320

    Not all execution history results were shown when searching by User ID.

2025.03.2

Fixes in Okta Workflows

  • OKTA-890178

    When the usage limit for active flows was exceeded, the progress bar wasn't displayed correctly.

  • OKTA-887903

    In Okta Workforce Identity Free Trial plans, the banner that indicates when execution limits have been reached disappeared when users refreshed the page.

  • OKTA-845670

    Searching in a table sometimes resulted in a 500 internal server error.

2025.03.1

OAuth scope customization enabled for the Gmail connector

You can now specify custom scopes for OAuth connections to the Gmail connector in Okta Workflows.

When you create or reauthorize a connection, go to the Permissions tab in the connection window to specify the scopes. If you want to use the connector as previously configured, select Use Default Scopes. To use the customized scopes feature, specify the desired scopes in Customize scopes (advanced).

See Authorization.

Connector card retry policy improvements

The Okta, Okta Devices, and Okta Realms connector cards have been updated with a more precise retry policy. This reduces the number of API calls when the card encounters rate limit errors. See Workflows - Resilient Flow Design Practices.

Fixes in Okta Workflows

  • OKTA-887114

    Users couldn't successfully execute the Run this card action in an If/ElseIf or Try/IfError function card.

  • OKTA-876227

    When attempting to view the column properties of a Workflows table in certain scenarios, admins received continuous warnings to refresh the table.

2025.03.0

New look and feel in Okta Workflows

The Workflows Console now provides a new look and feel, including redesigned side and top navigation menus and the addition of a gray background.

Coupa connector

The Coupa connector is now available in Okta Workflows with the following cards:

See the Coupa connector.

Updates to Cisco Identity Intelligence connector

The output of the Identity Intelligence Webhook card has been updated with the addition and removal of several fields. Review the Identity Intelligence Webhook documentation for details on the changed output fields. Update any flows that contain this card.

OAuth scope customization enabled for the Google Calendar connector

You can now specify custom scopes for OAuth connections to the Google Calendar connector in Okta Workflows.

When you create or reauthorize a connection, go to the Permissions tab in the connection window to specify the scopes. If you want to use the connector as previously configured, select Use Default Scopes. To use the customized scopes feature, specify the desired scopes in Customize scopes (advanced).

See Authorization.

Type Of function card now generally available in Workflows

The Type Of card identifies the data type of an API response value: Text, Number, True/False, Object, File, or Date & Time. This function is useful if you don't know what data type might be returned to your workflow. The Type Of card also detects List types, making it easier to handle dynamic data structures in your connector flows.

See the Type Of function card.

Connector Builder Base URL updates

For authorization of connectors in Connector Builder, the Base URL is no longer included. Also, the Token Path and Authorization Path fields must be fully qualified URLs instead of path values. See Use OAuth 2.0 Authorization Code.

Improvements to Okta Read User card

The Okta Read User card has been updated with a reduced retry period. This reduces execution times when the card encounters rate limit errors.

The following Okta Workflows templates have been updated:

Accessibility improvements to Workflows

This release provides several improvements that increase adherence to accessibility standards in the Okta Workflows Console.

Fixes in Okta Workflows

  • OKTA-874512

    The Record Limit field on the List Users card for the Zoho Mail connector didn't correctly return the number of streamed records if the limit was set to a value less than the number of available records.

  • OKTA-878882

    In Connector Builder, the connectors shown in the Test versions table didn't display the Created date.

2025.02.3

Fixes in Okta Workflows

  • OKTA-868074

    When a user selected a folder in the navigation pane of the Flow Builder, the user had to scroll up to the top of the main page to see the folder contents.

2025.02.2

Fixes in Okta Workflows

  • OKTA-797353

    When viewing an Okta Workflows table, if you moved the horizontal scroll bar to the far right side, then the column headers became misaligned with their columns.

  • OKTA-849781

    For polling monitors, when the remote service returned the fields defined in the Selected Outputs section, the objects were empty.

  • OKTA-851430

    The Encode Component function card didn't support the | special character. Okta connector cards that searched for an attribute containing the | character returned a 400 Bad Request error.

  • OKTA-864937

    In a new Okta Workflows table, the cell boundaries for a manually added row were misaligned.

  • OKTA-867709

    In the Add app action dialog, the button to clear the Search apps input field or the Search actions input field didn't remove the search text.

2025.02.1

Fixes in Okta Workflows

  • OKTA-744284

    If an admin edited the column name of a table in two separate browser windows, this caused a 400 Bad Request error. The dialog for editing the column name showed a wait icon that never completed.

2025.02.0

Okta Workflows tables limit increase

For Okta Workflows customers on a paid subscription level, the per org limit on Workflows tables has been increased from 100 to 200 tables.

See Flow Tables in Workflows system limits.

Role-based access control is now GA for production orgs

As Okta Workflows can make comprehensive changes both inside Okta and out to other connected SaaS apps, access to Workflows was previously restricted to Okta super admins. While this regulation enhanced the security of Okta Workflows, it limited the number of users, restricted the scalability of Okta Workflows, and reduced overall value to customers.

With role-based access control (RBAC), you can now assign Workflows privileges to more users without granting unnecessary access.

To support this feature, three new admin roles are available:

  • Workflows Administrator: For full-access administration, within Okta Workflows only

  • Workflows Auditor: For compliance management with read-only access

  • Connection Manager: For securely handling accounts and credentials

RBAC allows customers to expand the use of Okta Workflows beyond super admins, enabling more team members to build, run, and manage Workflows securely and efficiently.

See Access Control.

There are four new event types that record the RBAC feature activity in the Okta System Log:

  • workflows.user.role.user.add

  • workflows.user.role.user.remove

  • workflows.user.role.group.add

  • workflows.user.role.group.remove

See the Event Types API.

Okta Workflows Certificate Authority updates

Root certificates used by Okta Workflows now reflect current certificates as of December 31, 2024. Also, any root Certificate Authority (CA) entities that were removed from the Common CA database after March 11, 2023 will be deprecated in the 2025.03.0 release.

Polling Monitors feature added to Connector Builder

Many APIs support real-time notifications using webhooks, but for remote services that don't support webhooks, triggering automation flows based on new data relies on manual checks or inefficient workarounds. Without access to scheduled updates, admins rely on manual data exports or custom scripts to continuously check for new or updated changes; these processes add complexity and operational overhead.

With the introduction of Polling Monitors in Connector Builder, admins can create custom event triggers to process updated data from APIs without webhook support. Polling monitors make scheduled requests for new events, giving admins full control over when and how their flows respond to new data.

Whether detecting new support tickets in a help-desk system, syncing user updates from a CRM app, or monitoring changes in a third-party service, polling monitors let admins integrate with more services and capture important events.

See Polling monitor events and Build a polling monitor event flow.

Type Of and Cursor function cards now available in Connector Builder

When working with APIs that return ambiguously typed data, the Type Of card identifies whether a returned value has a Text, Number, True/False, Object, Date & Time, or File type. It also detects Lists, making it easier to handle dynamic data structures in your connector flows.

See the Type Of function card.

Also, this release includes the Cursor card for Connector Builder. This Flow Control function card allows builders to save a metadata value for use in creating polling monitor events.

See the Cursor function card.

Connector Builder improvements

When creating a helper flow for a specific context, Connector Builder automatically adds the appropriate event and return cards.

Workflows templates

The following Okta Workflows templates are now available:

See Available Workflows templates.

Fixes in Okta Workflows

  • OKTA-834895

    The Get All Licenses card returned an outdated list of licenses from Google Workspace.

  • OKTA-834930

    The Assign License to User and Unassign License from User cards for Google Workspace returned invalid values for the License Name.

  • OKTA-834944

    The Read User Licenses card didn't return all licenses that were associated with a particular user in Google Workspace.

  • OKTA-838000

    When searching for a user's licenses, the Google Workspace Read User Licenses card didn't accept uppercase letters for the Primary Email input field.

2025.01.2

Event cards added to Okta connector

The following event cards have been added to the Okta connector:

See the Okta connector.

Fixes in Okta Workflows

  • OKTA-663824

    Flow names with underscores or hyphens aren't permitted in Connector Builder but the validation pop-up incorrectly indicated that a name containing these characters was valid.

  • OKTA-816135

    For a Tables Search Rows card configured with a Where Expression filter, if the admin clicked Choose fields, the card lost the values of the fields specified in the filter.

  • OKTA-830211

    The Usage link in the user info dropdown menu pointed to the legacy Usage page, rather than redirecting the admin to the new usage dashboard on the Workflows Console Home page.

  • OKTA-853393

    The Save Flow dialog didn't appear if the admin created a flow and clicked the back button in their browser.

  • OKTA-856042

    When a user enabled mapping for a flow, the mapping lines between input and output fields were only visible when the user hovered over a field, instead of also being available when the user clicked the field.

2025.01.1

Workday connector supports other user domains

The Workday connector now supports the use of any Workday domain for connections, including the .myworkday.com domain.

See Authorization.

CrowdStrike connector now available

The CrowdStrike connector is now available in Okta Workflows with the following cards:

See the CrowdStrike connector.

Fixes in Okta Workflows

  • OKTA-816321

    The If/Else function card didn't show the mapping references for the Input and Output fields even when Show Mapping was activated.

  • OKTA-817024

    When an admin dragged the output field from the individual cards within a Branching function card to the main Outputs field, the function card set the Outputs field to the type of individual card output that was last dropped.

  • OKTA-850679

    Some cards returned intermittent 500 - Node Error: recv error messages.

2025.01.0

Okta Workflows Console home page updated

This release introduces significant updates to the Okta Workflows Console landing page. These improvements to the Home page are intended for new Okta Workflows users, so admins can learn about flows and start creating their own flows quickly. This includes elevating introductory materials and highlighting relevant templates.

With the New Flow button, admins can now create flows directly from the Home page.

See Workflows Console.

OAuth 2.0 security to invoke API endpoints

Okta Workflows users can now securely invoke API endpoints using OAuth 2.0 protocols and their Okta org authorization server. In comparison with the existing token authorization option, this feature is more secure while also being easier to implement.

Add the okta.workflows.invoke.manage scope to any new or existing app integration to make it eligible to invoke your API endpoint.

See Invoke a flow with an API endpoint.

Salesforce connector for Okta for Government High

The Salesforce connector is now available in Okta for Government High orgs.

Fixes in Okta Workflows

  • OKTA-747948

    The Object Split function card accepted a List of Objects type for the Object input field when it should only accept an Object type.