Criteria for low-latency flows
Many elements can negatively impact the latency of your flow.
- Resource contention on the service
- If you're processing a large amount of data while simultaneously executing a flow on the same system, there are fewer resources available.
- Rate limits
- Most connectors from third parties contain built-in logic that prevents excess calls to their systems (for example, to prevent denial of service attacks). Flows that minimize executions against a remote system avoid these rate limits.
- Logic errors
- The extensive capabilities of Okta Workflows allow you to create flows that can perform large data scans. These scans can extend beyond the intended scope of the flow, or even enter into unintended loops or recursions. You can reduce this impact with careful planning and testing of a flow before implementation.
- Performance differences between supported features or integrations
- There may be different scale profiles between different Workflow features. For example, the Tables feature in Workflows runs separately from the core runtime system. Flows that use the Tables feature can see performance issues compared to other flows that run solely on the core system.
To help resolve the impact of resource contention, the Low-latency feature moves eligible use cases over to an environment with less resource contention.
Supported use cases
Initially, the Low-latency feature supports the following use cases for low-latency mode. When you create a flow with the initial condition listed, it always starts in low-latency mode.
|
Condition |
Example use case |
|---|---|
|
Flow begins with the API Endpoint card |
Inline hooks |
|
Flow starts with any of the Okta connector event cards |
First-party event hooks |
|
Flow starts with a webhook from a third party through a connector card |
Third-party webhooks |
|
Flow uses a Delegated Flow event card |
Delegated flows |
Low-latency constraints
There are technical requirements that your flow must meet to run in low-latency mode. If your flow violates any of the following constraints, Okta removes it from the low-latency mode and returns it to the standard mode for execution.
|
Constraint |
Description |
|---|---|
| Excess resource usage | Flow exceeds the resource constraint limits for execution. See Supported use cases. |
| Rate limits | Flow uses a third-party connector and receives an HTTP 429 Too Many Requests error or any other rate limit error. |
| Explicit pauses | Flow explicitly pauses the execution using one of the Wait For, Wait Until or Pause cards. |
| Timeouts | Flow doesn't finish within the default timeout period for an HTTP connection (60 seconds). |
| Streaming actions | Flow uses connector cards with data streaming. These cards are designed to process large datasets using pagination and rarely finish within the timeout limit. |
| Using asynchronous features |
Flow is marked to run in the background without blocking another flow. For example, the Call Flow Async card. For function cards that call a helper flow synchronously, the helper flow starts in low-latency mode but is subject to the same constraints as the parent flow. If the parent calls a helper flow asynchronously, the parent flow can continue in low-latency mode. However, the helper flow isn't eligible for low-latency mode and executes in standard mode. |
| HTTP Close card |
Flow uses the HTTP Close card to manually close a connection. The HTTP Close card is eligible for low-latency mode. However, using it causes the remainder of the flow to be ineligible for low latency mode, because it implies that the rest of the flow executes asynchronously. |
Specific function card constraints
Generally, Okta Workflows function cards are eligible for use in flows executing in low-latency mode. However, there are exceptions where the execution of the function involves:
-
Large data size
-
Calling helper flows
-
Looping and recursion
-
Table operations
Cards that are outside of the general eligibility for low-latency mode can be classified as being either in a yellow or red zone. The following table outlines the specific cards that fall into the different zones. A dash in the table indicates that there aren't any cards in that zone.
-
Yellow classification implies that the card is eligible to start in low-latency mode. However that card has a higher risk of running into system resource constraints depending on the data being processed.
-
Red classification is for cards that are ineligible for low-latency mode.
|
Category |
Yellow |
Red |
|---|---|---|
| Events (used to invoke a flow) |
|
|
| API Connector (HTTP) |
|
- |
| File |
|
- |
| Flow Control |
|
|
| Flows |
|
- |
| Folders |
|
- |
| List |
|
- |
| Object |
|
- |
| Tables |
|
- |
Specific connector constraints
Workflow connector cards are eligible for low-latency mode, as custom connector events are implemented using webhooks, which cause an invoked flow to start in low-latency mode. However, any connector action cards included in the flow must complete within the 60-second time restriction. Any third-party API actions must respond promptly and without error so that the flow finishes in time.
Also note that any streaming actions during execution move a flow out of low-latency mode. Streaming actions typically process large data sets and may take minutes or hours to complete.
Generally, Okta Workflows connector cards are classified as being in a yellow zone. This means that the card has a higher risk of running into system resource constraints or network latency. The exceptions to this classification are outlined in the following table. A dash in the table indicates that no cards exist for that zone.
-
Connector cards in the green zone are eligible for low-latency mode.
-
Connector cards in the red zone are ineligible for low-latency mode. Any card marked with an asterisk can stream records as part of the card, so it's classified in the red zone.
First-party connectors
|
Connector name |
Green |
Red |
|---|---|---|
| Adobe User Management connector | - |
|
| Advanced Server Access connector | - |
|
| Airtable connector | - | - |
|
- |
- |
|
|
- |
- |
|
|
- |
- |
|
|
- |
|
|
|
- |
- |
|
|
- |
|
|
|
All event cards |
- |
|
|
- |
- |
|
|
- |
- |
|
|
- |
- |
|
|
- |
- |
|
|
All event cards |
- |
|
|
All event cards |
- |
|
|
All event cards |
|
|
|
- |
- |
|
|
All event cards |
- |
|
|
All event cards |
- |
|
|
- |
- |
|
|
All event cards |
- |
|
|
All event cards |
- |
|
|
- |
|
|
|
- |
- |
|
|
- |
- |
|
|
All event cards |
- |
|
|
All event cards |
- |
|
|
- |
- |
|
|
- |
|
|
|
- |
- |
|
|
- |
|
|
|
All event cards |
|
|
|
All event cards |
|
|
|
All event cards |
|
|
|
- |
- |
|
|
- |
|
|
|
All event cards |
|
|
|
All event cards |
- |
|
|
All event cards |
- |
|
|
- |
- |
|
|
All event cards |
|
|
|
- |
- |
|
|
All event cards |
- |
|
|
- |
- |
|
|
- |
- |
|
|
All event cards |
|
|
|
All event cards |
|
|
|
- |
- |
Third-party connectors
|
Connector name |
Green |
Red |
|---|---|---|
| Kandji connector |
- |
|
| Pendo connector | - | - |
| Recorded Future Identity Intelligence connector | - | - |
| Secure Code Warrior connector | - | - |