Resource permissions
Beta release
The role-based access control (RBAC) feature in Okta Workflows enables you to restrict permissions on resources to specific roles. Unless otherwise noted, resource permissions are managed using the Workflows Console. See Manage Workflows org roles and Manage Workflows folder roles.
Only Okta super admins have access to delegated flows and these are assigned and executed using the Okta Admin Console. See Run a delegated flow.
Only super admins can contact the Okta sales team.
The following tables identify specific resources that each role can access.
Roles
| Permission | Super Administrator | Workflows Administrator | Connection Manager | Workflows Auditor | Folder Manager | Folder Editor | Folder Runner | Folder Reader | Integration Builder | Unassigned User |
|---|---|---|---|---|---|---|---|---|---|---|
| Assign Workflows Administrator (in the Okta Admin Console) |
|
|
|
|
|
|
|
|
|
|
| Assign Connection Manager |
|
|
|
|
|
|
|
|
|
|
| Assign Workflows Auditor |
|
|
|
|
|
|
|
|
|
|
| Assign Connector Builder |
|
|
|
|
|
|
|
|
|
|
| Assign folder permissions |
|
|
|
|
|
|
|
|
|
|
| View role assignments |
|
|
|
|
|
|
|
|
|
|
Pages
| Permission | Super Administrator | Workflows Administrator | Connection Manager | Workflows Auditor | Folder Manager | Folder Editor | Folder Runner | Folder Reader | Integration Builder | Unassigned User |
|---|---|---|---|---|---|---|---|---|---|---|
| View Home page |
|
|
|
|
|
|
|
|
|
|
| View Flows page |
|
|
|
|
|
|
|
|
|
|
| View Connections page |
|
|
|
|
|
|
|
|
|
|
| View Templates page |
|
|
|
|
|
|
|
|
|
|
| View the Settings page |
|
|
|
|
|
|
|
|
|
|
Connections
| Permission | Super Administrator | Workflows Administrator | Connection Manager | Workflows Auditor | Folder Manager | Folder Editor | Folder Runner | Folder Reader | Unassigned User |
|---|---|---|---|---|---|---|---|---|---|
| Create global connections |
|
|
|
|
|
|
|
|
|
| View global connections |
|
|
|
|
|
|
|
|
|
| View global connections usage |
|
|
|
|
|
|
|
|
|
| Rename global connections |
|
|
|
|
|
|
|
|
|
| Reauthorize global connections |
|
|
|
|
|
|
|
|
|
| Test global connections |
|
|
|
|
|
|
|
|
|
| Delete global connections |
|
|
|
|
|
|
|
|
|
| Create folder connections |
|
|
|
|
|
|
|
|
|
| View folder connections |
|
|
|
|
|
|
|
|
|
| View folder connections usage |
|
|
|
|
|
|
|
|
|
| Rename folder connections |
|
|
|
|
|
|
|
|
|
| Reauthorize folder connections |
|
|
|
|
|
|
|
|
|
| Test folder connections |
|
|
|
|
|
|
|
|
|
|
Delete folder connections |
|
|
|
|
|
|
|
|
|
Folders
| Permission | Super Administrator | Workflows Administrator | Connection Manager | Workflows Auditor | Folder Manager | Folder Editor | Folder Runner | Folder Reader | Integration Builder |
|---|---|---|---|---|---|---|---|---|---|
| Create folders |
|
|
|
|
|
|
|
|
|
| Create subfolders |
|
|
|
|
|
|
|
|
|
| Move folders |
|
|
|
|
|
|
|
|
|
| Modify folders |
|
|
|
|
|
|
|
|
|
| Edit folder settings |
|
|
|
|
|
|
|
|
|
| Modify subfolders |
|
|
|
|
|
|
|
|
|
| Duplicate folders |
|
|
|
|
|
|
|
|
|
| Export folders |
|
|
|
|
|
|
|
|
|
| Import folders |
|
|
|
|
|
|
|
|
|
| Delete folders |
|
|
|
|
|
|
|
|
|
| Delete subfolders |
|
|
|
|
|
|
|
|
|
| View folder settings |
|
|
|
|
|
|
|
|
|
| Move folders |
|
|
|
|
|
|
|
|
|
Flows
| Permission | Super Administrator | Workflows Administrator | Connection Manager | Workflows Auditor | Folder Manager | Folder Editor | Folder Runner | Folder Reader | Unassigned User |
|---|---|---|---|---|---|---|---|---|---|
| Create flows |
|
|
|
|
|
|
|
|
|
| View flows |
|
|
|
|
|
|
|
|
|
| Execute flows |
|
|
|
|
|
|
|
|
|
| Activate or deactivate flows |
|
|
|
|
|
|
|
|
|
| Cancel flows |
|
|
|
|
|
|
|
|
|
| Modify flows |
|
|
|
|
|
|
|
|
|
| Delete flows |
|
|
|
|
|
|
|
|
|
|
Export flows |
|
|
|
|
|
|
|
|
|
|
View Execution History |
|
|
|
|
|
|
|
|
|
|
Activate or deactivate Execution History |
|
|
|
|
|
|
|
|
|
| Clear Execution History |
|
|
|
|
|
|
|
|
|
| View Flow Chart |
|
|
|
|
|
|
|
|
|
| Move flows between folders |
|
|
|
|
|
|
|
|
|
| Duplicate flows |
|
|
|
|
|
|
|
|
|
Tables
| Permission | Super Administrator | Workflows Administrator | Connection Manager | Workflows Auditor | Folder Manager | Folder Editor | Folder Runner | Folder Reader | Unassigned User |
|---|---|---|---|---|---|---|---|---|---|
| Create tables |
|
|
|
|
|
|
|
|
|
| View tables |
|
|
|
|
|
|
|
|
|
| Export tables |
|
|
|
|
|
|
|
|
|
| Modify tables |
|
|
|
|
|
|
|
|
|
| Delete tables |
|
|
|
|
|
|
|
|
|
| Move tables |
|
|
|
|
|
|
|
|
|
| Duplicate tables |
|
|
|
|
|
|
|
|
|
Files
| Permission | Super Administrator | Workflows Administrator | Connection Manager | Workflows Auditor | Folder Manager | Folder Editor | Folder Runner | Folder Reader | Unassigned User |
|---|---|---|---|---|---|---|---|---|---|
| Download files |
|
|
|
|
|
|
|
|
|
| View files |
|
|
|
|
|
|
|
|
|
Templates
| Permission | Super Administrator | Workflows Administrator | Connection Manager | Workflows Auditor | Folder Manager | Folder Editor | Folder Runner | Folder Reader | Integration Builder | Unassigned User |
|---|---|---|---|---|---|---|---|---|---|---|
| Install templates |
|
|
|
|
|
|
|
|
|
|
| Access template resources |
|
|
|
|
|
|
|
|
|
|
The Install templates permission means that the user can add a template into Okta Workflows.
The Access template resources permission means that the user can browse the templates on the Templates page and view all template details (names, descriptions, and images).
Connector Builder
| Permission | Super Administrator | Workflows Administrator | Connection Manager | Workflows Auditor | Integration Builder | Unassigned User |
|---|---|---|---|---|---|---|
| View Connector Builder |
|
|
|
|
|
|
| Create connector projects |
|
|
|
|
|
|
| Modify connector projects |
|
|
|
|
|
|
| View connector projects |
|
|
|
|
|
|
| Delete connector projects |
|
|
|
|
|
|
| See Include test connectors |
|
|
|
|
|
|