Guidance for Okta connector

Read the following information for guidance and best practices when using the <name> connector in your flows.

Authentication

To authorize the connector:

  • You must be assigned to the Okta Workflows OAuth app.

  • You must have Super Admin credentials.

You also need the following information for authorizing your Okta account:

  • Domain: Your Okta org domain. If the URL of your Okta org is https://yourcompany.okta.com, then your domain is yourcompany.okta.com.

  • Client ID and Client Secret: The client ID and client secret from your Okta Workflows OAuth app. To find this, go to Okta Admin Console > Applications > Okta Workflows OAuthapp > Sign On tab > Sign On Methods.

Supported scopes

In the Okta Workflows Console,

  1. Go to Applications > the Okta Workflows OAuth app > Okta API Scopes. A list of available scopes appears.

  2. Click the Grant button for the scope(s) you want to grant. A success message appears.

List of available scopes in the Okta connector

Scopes with an asterisk are not configurable through the Okta Workflows OAuth app.

  • openid*

  • profile*

  • email*

  • phone*

  • address*

  • groups*

  • offline_access*

  • okta.apps.manage

  • okta.apps.read

  • okta.clients.manage

  • okta.clients.read

  • okta.clients.register

  • okta.eventHooks.manage

  • okta.eventHooks.read

  • okta.events.read

  • okta.factors.manage

  • okta.factors.read

  • okta.groups.manage

  • okta.groups.read

  • okta.idps.manage

  • okta.idps.read

  • okta.inlineHooks.manage

  • okta.inlineHooks.read

  • okta.linkedObjects.manage

  • okta.linkedObjects.read

  • okta.logs.read

  • okta.policies.manage

  • okta.policies.read

  • okta.roles.manage

  • okta.roles.read

  • okta.schemas.manage

  • okta.schemas.read

  • okta.users.manage

  • okta.users.read

Best practices

The following information provides additional configuration information for Okta cards:

Search System Log Options

  • In the Keyword field, the query parameter q is used to perform keyword matching against a Log Events object's attribute values. All input keywords must be matched exactly (keyword matching is case-insensitive). See System Log.

  • No values are returned when using a keyword match on an attribute with a null.

  • The eq operator is used to concatenate each key and value pair, and combines different keys with and operator. To use other operators, use the Custom Filter field to build your own expression. Those pre-defined fields and Custom Filter field are concatenated using the and operator. See System Log.

Get Users Groups

The following examples show configurations for obtaining first 200 groups and for streaming.

First 200 Records

This flow captures the First 200 Groups that a user joined on a monthly basis.

Parent flow

Helper flow

Stream Records

This flow updates one Custom Field value for all the groups that a specific user joined.

Parent flow

Helper flow

Related topics

Okta connector

About the elements of Okta Workflows

Guidance for Okta connector

Okta API