Okta Workflows release notes (2025)

2025.02.0

Okta Workflows tables limit increase

For Okta Workflows customers on a paid subscription level, the per org limit on Workflows tables has been increased from 100 to 200 tables.

See Flow Tables in Workflows system limits.

Role-based access control is now GA for production orgs

As Okta Workflows can make comprehensive changes both inside Okta and out to other connected SaaS apps, access to Workflows was previously restricted to Okta super admins. While this regulation enhanced the security of Okta Workflows, it limited the number of users, restricted the scalability of Okta Workflows, and reduced overall value to customers.

With role-based access control (RBAC), you can now assign Workflows privileges to more users without granting unnecessary access.

To support this feature, three new admin roles are available:

  • Workflows Administrator: For full-access administration, within Okta Workflows only

  • Workflows Auditor: For compliance management with read-only access

  • Connection Manager: For securely handling accounts and credentials

RBAC allows customers to expand the use of Okta Workflows beyond super admins, enabling more team members to build, run, and manage Workflows securely and efficiently.

See Access Control.

There are four new event types that record the RBAC feature activity in the Okta System Log:

  • workflows.user.role.user.add

  • workflows.user.role.user.remove

  • workflows.user.role.group.add

  • workflows.user.role.group.remove

See the Event Types API.

Okta Workflows Certificate Authority updates

Root certificates used by Okta Workflows now reflect current certificates as of December 31, 2024. Also, any root Certificate Authority (CA) entities that were removed from the Common CA database after March 11, 2023 will be deprecated in the 2025.03.0 release.

Polling Monitors feature added to Connector Builder

Many APIs support real-time notifications using webhooks, but for remote services that don't support webhooks, triggering automation flows based on new data relies on manual checks or inefficient workarounds. Without access to scheduled updates, admins rely on manual data exports or custom scripts to continuously check for new or updated changes; these processes add complexity and operational overhead.

With the introduction of Polling Monitors in Connector Builder, admins can create custom event triggers to process updated data from APIs without webhook support. Polling monitors make scheduled requests for new events, giving admins full control over when and how their flows respond to new data.

Whether detecting new support tickets in a help-desk system, syncing user updates from a CRM app, or monitoring changes in a third-party service, polling monitors let admins integrate with more services and capture important events.

See Polling monitor events and Build a polling monitor event flow.

Type Of and Cursor function cards now available in Connector Builder

When working with APIs that return ambiguously typed data, the Type Of card identifies whether a returned value has a Text, Number, True/False, Object, Date & Time, or File type. It also detects Lists, making it easier to handle dynamic data structures in your connector flows.

See the Type Of function card.

Also, this release includes the Cursor card for Connector Builder. This Flow Control function card allows builders to save a metadata value for use in creating polling monitor events.

See the Cursor function card.

Connector Builder improvements

When creating a helper flow for a specific context, Connector Builder automatically adds the appropriate event and return cards.

Workflows templates

The following Okta Workflows templates are now available:

See Available Workflows templates.

Fixes in Okta Workflows

  • OKTA-834895

    The Get All Licenses card returned an outdated list of licenses from Google Workspace.

  • OKTA-834930

    The Assign License to User and Unassign License from User cards for Google Workspace returned invalid values for the License Name.

  • OKTA-834944

    The Read User Licenses card didn't return all licenses that were associated with a particular user in Google Workspace.

  • OKTA-838000

    When searching for a user's licenses, the Google Workspace Read User Licenses card didn't accept uppercase letters for the Primary Email input field.

2025.01.2

Event cards added to Okta connector

The following event cards have been added to the Okta connector:

See the Okta connector.

Fixes in Okta Workflows

  • OKTA-663824

    Flow names with underscores or hyphens aren't permitted in Connector Builder but the validation pop-up incorrectly indicated that a name containing these characters was valid.

  • OKTA-816135

    For a Tables Search Rows card configured with a Where Expression filter, if the admin clicked Choose fields, the card lost the values of the fields specified in the filter.

  • OKTA-830211

    The Usage link in the user info dropdown menu pointed to the legacy Usage page, rather than redirecting the admin to the new usage dashboard on the Workflows Console Home page.

  • OKTA-853393

    The Save Flow dialog didn't appear if the admin created a flow and clicked the back button in their browser.

  • OKTA-856042

    When a user enabled mapping for a flow, the mapping lines between input and output fields were only visible when the user hovered over a field, instead of also being available when the user clicked the field.

2025.01.1

Workday connector supports other user domains

The Workday connector now supports the use of any Workday domain for connections, including the .myworkday.com domain.

See Authorization.

CrowdStrike connector now available

The CrowdStrike connector is now available in Okta Workflows with the following cards:

See the CrowdStrike connector.

Fixes in Okta Workflows

  • OKTA-816321

    The If/Else function card didn't show the mapping references for the Input and Output fields even when Show Mapping was activated.

  • OKTA-817024

    When an admin dragged the output field from the individual cards within a Branching function card to the main Outputs field, the function card set the Outputs field to the type of individual card output that was last dropped.

  • OKTA-850679

    Some cards returned intermittent 500 - Node Error: recv error messages.

2025.01.0

Okta Workflows Console home page updated

This release introduces significant updates to the Okta Workflows Console landing page. These improvements to the Home page are intended for new Okta Workflows users, so admins can learn about flows and start creating their own flows quickly. This includes elevating introductory materials and highlighting relevant templates.

With the New Flow button, admins can now create flows directly from the Home page.

See Workflows Console.

OAuth 2.0 security to invoke API endpoints

Okta Workflows users can now securely invoke API endpoints using OAuth 2.0 protocols and their Okta org authorization server. In comparison with the existing token authorization option, this feature is more secure while also being easier to implement.

Add the okta.workflows.invoke.manage scope to any new or existing app integration to make it eligible to invoke your API endpoint.

See Invoke a flow with an API endpoint.

Salesforce connector for Okta for Government High

The Salesforce connector is now available in Okta for Government High orgs.

Fixes in Okta Workflows

  • OKTA-747948

    The Object Split function card accepted a List of Objects type for the Object input field when it should only accept an Object type.