Scopes for Okta Realms connector cards
Your Okta Realms connector accesses the Okta API using scoped OAuth 2.0 access tokens. Each access token enables the bearer to perform specific actions on specific Okta endpoints. The scopes contained in the access token control the ability to perform these actions.
Grant the required scopes for each of the event and action cards that you want to use in your Okta Realms connector.
For an existing connection, you must reauthorize the connection to pick up any scope changes.
The OAuth 2.0 Scopes topic in the Okta developer documentation contains detailed descriptions for all available scopes.
Default scopes
These default scopes are automatically granted. You don't need to grant them through the Okta Workflows OAuth app. They appear in the Permissions tab of the Okta Realms connector.
The connection authorization fails if you revoke any of these automatically granted scopes in the OAuth app.
- address
- groups
- offline_access
- okta.realms.read
- openid
- phone
- profile
Action cards
The action cards for the Okta Realms connector require the scopes indicated in the following table.
| Connector card | Required scopes |
|---|---|
| | okta.realms.manage |
| | okta.schemas.read okta.users.manage |
| | okta.realms.read okta.users.read |
| | okta.realms.read |
| | okta.realms.read |
| | okta.realms.manage |
| | okta.users.manage |