Access control example

Early Access release. See Enable self-service features.

This feature is available only on Preview orgs.

The following example outlines the main roles and actions for employees at a company called ExampleCorp. This company wants to implement role-based access controls for a select set of Okta Workflows users.

This scenario assumes that all the users already have active accounts in Okta Universal Directory.

Team members

The people involved in setting up Okta Workflows at ExampleCorp.

Name

Role

Description

Simon

Okta super admin

Simon manages the Okta Universal Directory and does some application integration work. He doesn't need to use Okta Workflows in his daily job.

Greta

Workflows Administrator

Greta has been tasked with setting up Okta Workflows for ExampleCorp. She needs connections to several third-party apps and is going to write new flows to implement improvements in the business processes. Greta also wants to create folders for the different projects to keep them organized.

Jamaal

Workflows Administrator

Working with Greta, Jamaal is going to be creating flows, but is also going to build a connector to interface with the ExampleCorp HR system.

Shriram

Workflows Auditor

As a process manager for ExampleCorp, Shriram is auditing the work done by Greta and Jamaal. He needs to see how the flows work and what information they create. However, he doesn't need to write or execute any flows directly.

He also needs to know who has permissions to run flows and view output.

Estelle

Connection Manager

Part of the security team at ExampleCorp, Estelle manages the credentials for connecting to the various SaaS applications that ExampleCorp uses every day. Estelle isn't part of Greta's implementation team.

Action plan

Based on their roles and responsibilities, here's how the team should proceed.

Create and assign the Workflows admin roles and app

Owner: Simon

  1. Simon signs in to the Okta Admin Console with his super admin permissions. His first task is to create an admin group for Greta and Jamaal. He goes to DirectoryGroups and creates a group called Workflows Admins and adds Greta and Jamaal to that group. By using a group, he can save time later if Greta asks him to add more Workflows Administrator members.

  2. Next, he syncs this group downstream to Okta Workflows according to the Sync a group instructions.

  3. Following the instructions in the Assign the Workflows Administrator role topic, Simon grants the Workflows Administrator role to this new group. This action automatically assigns the Okta Workflows app to the Okta End-User Dashboard for both Greta and Jamaal.

  4. Simon then uses the Assign the Okta Workflows app instructions to individually assign the Okta Workflows app to both Shriram and Estelle. He notifies Greta that her team can proceed with the next steps.

Assign the secondary Workflows roles

Owner: Greta

  1. Using the new Okta Workflows application tile on her dashboard, Greta signs in to the Workflows Console. She opens the new Settings page and clicks the Role assignments tab.

  2. Using the instructions on the Manage Workflows roles topic, Greta assigns the Workflows Auditor role to Shriram and the Connection Manager role to Estelle.

Create secure connections

Owner: Estelle

Only Estelle has the connection credentials for the external SaaS applications. In her role as Connection Manager, she can enter this sensitive information without having to share it directly.

  1. Greta contacts Estelle and asks her to create connections to several important connectors that the team wants to use.

  2. Estelle opens the Workflows Console through the app tile on her Okta End-User Dashboard. In the Workflows Console, she can see the Connections page.

  3. She uses the Connect your applications instructions to set the Okta Workflows OAuth app, and also configures each connector that Greta wants to add to Workflows.

Implement Okta Workflows

Owners: Greta, Jamaal

  1. While Estelle creates the connections, Greta sets up some folders in the Workflows Console to organize the projects.

  2. After the connections are ready, Greta and Jamaal begin creating flows that implement the process improvements that they want Okta Workflows to handle.

  3. Greta decides to use some of the Available Workflows templates as starting points for their work. They begin by creating some flows to automate the onboarding tasks for new hires.

Follow auditing procedures

Owner: Shriram

As part of their development process, Greta and Jamaal meet regularly with Shriram to ensure that the onboarding flows don't retain any sensitive data.

  1. As a Workflows Auditor, he can open the Workflows Console from the tile on his Okta End-User Dashboard.

  2. Shriram reviews the execution history of the flows for sensitive data.

  3. Shriram also checks the Role Assignment tab on the Settings view. He confirms that only the required people at ExampleCorp have access to the connections details and can run the new flows.

Build new connectors

Owner: Jamaal

While Greta focuses on building flows with existing connectors, Jamaal starts creating a connector to interact with the in-house HR system. As a Workflows Administrator, he has full access to create and deploy test connectors using the Connector Builder feature.

Related topics

Assign the Okta Workflows app

Assign the Workflows Administrator role

Manage Workflows roles

Resource permissions