Okta Workflows - Preview release notes

Current release

Preview release of Okta Workflows 2024.08.3 began deployment on August 29, 2024.

FedRAMP High support for Microsoft connectors

The following connectors now support the Federal Risk and Authorization Management Program (FedRAMP) High Baseline and can be used in Okta for Government High:

  • Excel Online
  • Azure Active Directory
  • Microsoft Teams
  • Office 365 Calendar
  • Office 365 Mail
  • OneDrive

Okta Workflows in Okta for Government High only supports connections using accounts from Office 365 GCC High tenants.

IP session restrictions for Okta Workflows is GA in Preview

The IP session restrictions feature is now enabled for Okta Workflows. This feature ensures that all Workflows requests in a session use the same IP address that was logged when the session was created. If the IP address doesn't match any request, the session is terminated and the admin must sign in again.

If you want to disable the feature, contact Okta Support.

Role-based access control available is EA in Preview

As Okta Workflows can make comprehensive changes both within Okta and out to other connected SaaS apps, access to Workflows was restricted to Okta super admins. While this regulation enhanced the security of Okta Workflows, it limited the number of users, restricted the ability to scale the use of Okta Workflows, and reduced its overall value to customers.

With role-based access control (RBAC), you can now assign Workflows privileges to more users without granting unnecessary access.

To support this feature, three new admin roles are available:

  • Workflows Administrator: For full-access administration within Okta Workflows only

  • Workflows Auditor: For compliance management with read-only access

  • Connection Manager: For securely handling accounts and credentials

RBAC allows customers to expand the use of Okta Workflows beyond super admins, enabling more team members to build, run, and manage Workflows securely and efficiently.

To turn on this EA feature for your org, go to SettingsFeatures in the Admin Console and enable these options:

  • Workflows Access Control

  • Workflow Admin Role

  • Workflows Provisioning

See Access Control.

The addition of the RBAC feature includes four new event types to record related actions in Okta Workflows:

  • workflows.user.role.user.add

  • workflows.user.role.user.remove

  • workflows.user.role.group.add

  • workflows.user.role.group.remove

See the Event Types API.

Fixes in Okta Workflows

  • OKTA-794118

    Download File action cards sometimes returned an Invalid Authentication Token error message.

  • OKTA-754284

    After you configure the Execution Log Streaming feature, if the feature was later turned off, streaming events were still sent to the downstream service.