Authorization

Authorize this connector by creating a connection to your Okta Privileged Access account. You can reuse this connection the next time that you build a flow with this connector.

You can create multiple unique connections and manage them from the Connections page in the Okta Workflows Console.

Before you begin

  • You need an Okta tenant with Okta Workflows and Okta Privileged Access both enabled and properly configured.

  • As a PAM admin, complete these tasks:

    1. Create an OPA group and assign the Resource Admin and Security Admin roles. See Team roles.

    2. Create a service user account. See Service users.

      Okta Workflows uses this service account to create connections for the Okta Privileged Access connector.

    3. Click Create API Key. Copy the API Key ID and API Key Secret created during this step.

    4. Add the service user account to the new OPA group. See Add a user to a group.

Procedure

Create a connection in Okta Workflows

  1. In the Okta Workflows Console, go to Connections.

  2. Click New Connection to see a list of all available connectors.

  3. Select the Okta Privileged Access connector.

  4. In the New Connection window, enter a Connection Nickname. Using unique nicknames is helpful if you plan to create multiple connections.

  5. Enter a description in the Connection description field. This is useful to explain any differences between multiple connections.

  6. In the OPA Team Name field, enter the value for the team that contains the service user account you created. You can find this team name either in the URL of your Okta Privileged Access Console at https://{OktaOrgName}.pam.okta.com/t/{TeamName}/team/clientsession, or at the top of the System Configuration page in the OPA Console.

  7. In the Service Account API Key ID field, enter the value from the service user account you created.

  8. In the Service Account API Key field, enter the value from the service user account you created.

  9. In the OPA Base URL field, enter https://{OktaOrgName}.pam.okta.com, where {OktaOrgName} is the name of your Okta org. Ensure that there's no trailing / character in your OPA Base URL field.

  10. Click Create.

The new Okta Privileged Access connection appears in the Connections list. You can now go to the Flows page and create flows using this OPA connection. See Build and test a flow.

Related topics

Okta Privileged Access connector

Cards in flows

Okta Privileged Access API