Okta Workflows release notes (2025)
2025.03.2
Fixes in Okta Workflows
-
OKTA-890178
When the usage limit for active flows was exceeded, the progress bar wasn't displayed correctly.
-
OKTA-887903
In Okta Workforce Identity Free Trial plans, the banner that indicates when execution limits have been reached disappeared when users refreshed the page.
-
OKTA-845670
Searching in a table sometimes resulted in a 500 internal server error.
2025.03.1
OAuth scope customization enabled for the Gmail connector
You can now specify custom scopes for OAuth connections to the Gmail connector in Okta Workflows.
When you create or reauthorize a connection, go to the Permissions tab in the connection window to specify the scopes. If you want to use the connector as previously configured, select Use Default Scopes. To use the customized scopes feature, specify the desired scopes in Customize scopes (advanced).
See Authorization.
Connector card retry policy improvements
The Okta, Okta Devices, and Okta Realms connector cards have been updated with a more precise retry policy. This reduces the number of API calls when the card encounters rate limit errors. See Workflows - Resilient Flow Design Practices.
Fixes in Okta Workflows
-
OKTA-887114
Users couldn't successfully execute the Run this card action in an If/ElseIf or Try/IfError function card.
-
OKTA-876227
When attempting to view the column properties of a Workflows table in certain scenarios, admins received continuous warnings to refresh the table.
2025.03.0
New look and feel in Okta Workflows
The Workflows Console now provides a new look and feel, including redesigned side and top navigation menus and the addition of a gray background.
Coupa connector
The Coupa connector is now available in Okta Workflows with the following cards:
See the Coupa connector.
Updates to Cisco Identity Intelligence connector
The output of the Identity Intelligence Webhook card has been updated with the addition and removal of several fields. Review the Identity Intelligence Webhook documentation for details on the changed output fields. Update any flows that contain this card.
OAuth scope customization enabled for the Google Calendar connector
You can now specify custom scopes for OAuth connections to the Google Calendar connector in Okta Workflows.
When you create or reauthorize a connection, go to the Permissions tab in the connection window to specify the scopes. If you want to use the connector as previously configured, select Use Default Scopes. To use the customized scopes feature, specify the desired scopes in Customize scopes (advanced).
See Authorization.
Type Of function card now generally available in Workflows
The Type Of card identifies the data type of an API response value: Text, Number, True/False, Object, File, or Date & Time. This function is useful if you don't know what data type might be returned to your workflow. The Type Of card also detects List types, making it easier to handle dynamic data structures in your connector flows.
See the Type Of function card.
Connector Builder Base URL updates
For authorization of connectors in Connector Builder, the Base URL is no longer included. Also, the Token Path and Authorization Path fields must be fully qualified URLs instead of path values. See Use OAuth 2.0 Authorization Code.
Improvements to Okta Read User card
The Okta Read User card has been updated with a reduced retry period. This reduces execution times when the card encounters rate limit errors.
The following Okta Workflows templates have been updated:
-
Raw HTTP Connector to Google Workspace - updates the name of the template.
-
Manage Google Workspace User Licenses - updates the name of the template.
Accessibility improvements to Workflows
This release provides several improvements that increase adherence to accessibility standards in the Okta Workflows Console.
Fixes in Okta Workflows
-
OKTA-874512
The Record Limit field on the List Users card for the Zoho Mail connector didn't correctly return the number of streamed records if the limit was set to a value less than the number of available records.
-
OKTA-878882
In Connector Builder, the connectors shown in the Test versions table didn't display the Created date.
2025.02.3
Fixes in Okta Workflows
-
OKTA-868074
When a user selected a folder in the navigation pane of the Flow Builder, the user had to scroll up to the top of the main page to see the folder contents.
2025.02.2
Fixes in Okta Workflows
-
OKTA-797353
When viewing an Okta Workflows table, if you moved the horizontal scroll bar to the far right side, then the column headers became misaligned with their columns.
-
OKTA-849781
For polling monitors, when the remote service returned the fields defined in the Selected Outputs section, the objects were empty.
-
OKTA-851430
The Encode Component function card didn't support the | special character. Okta connector cards that searched for an attribute containing the | character returned a 400 Bad Request error.
-
OKTA-864937
In a new Okta Workflows table, the cell boundaries for a manually added row were misaligned.
-
OKTA-867709
In the Add app action dialog, the button to clear the Search apps input field or the Search actions input field didn't remove the search text.
2025.02.1
Fixes in Okta Workflows
-
OKTA-744284
If an admin edited the column name of a table in two separate browser windows, this caused a 400 Bad Request error. The dialog for editing the column name showed a wait icon that never completed.
2025.02.0
Okta Workflows tables limit increase
For Okta Workflows customers on a paid subscription level, the per org limit on Workflows tables has been increased from 100 to 200 tables.
See Flow Tables in Workflows system limits.
Role-based access control is now GA for production orgs
As Okta Workflows can make comprehensive changes both inside Okta and out to other connected SaaS apps, access to Workflows was previously restricted to Okta super admins. While this regulation enhanced the security of Okta Workflows, it limited the number of users, restricted the scalability of Okta Workflows, and reduced overall value to customers.
With role-based access control (RBAC), you can now assign Workflows privileges to more users without granting unnecessary access.
To support this feature, three new admin roles are available:
-
Workflows Administrator: For full-access administration, within Okta Workflows only
-
Workflows Auditor: For compliance management with read-only access
-
Connection Manager: For securely handling accounts and credentials
RBAC allows customers to expand the use of Okta Workflows beyond super admins, enabling more team members to build, run, and manage Workflows securely and efficiently.
See Access Control.
There are four new event types that record the RBAC feature activity in the Okta System Log:
-
workflows.user.role.user.add
-
workflows.user.role.user.remove
-
workflows.user.role.group.add
-
workflows.user.role.group.remove
See the Event Types API.
Okta Workflows Certificate Authority updates
Root certificates used by Okta Workflows now reflect current certificates as of December 31, 2024. Also, any root Certificate Authority (CA) entities that were removed from the Common CA database after March 11, 2023 will be deprecated in the 2025.03.0 release.
Polling Monitors feature added to Connector Builder
Many APIs support real-time notifications using webhooks, but for remote services that don't support webhooks, triggering automation flows based on new data relies on manual checks or inefficient workarounds. Without access to scheduled updates, admins rely on manual data exports or custom scripts to continuously check for new or updated changes; these processes add complexity and operational overhead.
With the introduction of Polling Monitors in Connector Builder, admins can create custom event triggers to process updated data from APIs without webhook support. Polling monitors make scheduled requests for new events, giving admins full control over when and how their flows respond to new data.
Whether detecting new support tickets in a help-desk system, syncing user updates from a CRM app, or monitoring changes in a third-party service, polling monitors let admins integrate with more services and capture important events.
See Polling monitor events and Build a polling monitor event flow.
Type Of and Cursor function cards now available in Connector Builder
When working with APIs that return ambiguously typed data, the Type Of card identifies whether a returned value has a Text, Number, True/False, Object, Date & Time, or File type. It also detects Lists, making it easier to handle dynamic data structures in your connector flows.
See the Type Of function card.
Also, this release includes the Cursor card for Connector Builder. This Flow Control function card allows builders to save a metadata value for use in creating polling monitor events.
See the Cursor function card.
Connector Builder improvements
When creating a helper flow for a specific context, Connector Builder automatically adds the appropriate event and return cards.
Workflows templates
The following Okta Workflows templates are now available:
Fixes in Okta Workflows
-
OKTA-834895
The Get All Licenses card returned an outdated list of licenses from Google Workspace.
-
OKTA-834930
The Assign License to User and Unassign License from User cards for Google Workspace returned invalid values for the License Name.
-
OKTA-834944
The Read User Licenses card didn't return all licenses that were associated with a particular user in Google Workspace.
-
OKTA-838000
When searching for a user's licenses, the Google Workspace Read User Licenses card didn't accept uppercase letters for the Primary Email input field.
2025.01.2
Event cards added to Okta connector
The following event cards have been added to the Okta connector:
See the Okta connector.
Fixes in Okta Workflows
-
OKTA-663824
Flow names with underscores or hyphens aren't permitted in Connector Builder but the validation pop-up incorrectly indicated that a name containing these characters was valid.
-
OKTA-816135
For a Tables Search Rows card configured with a Where Expression filter, if the admin clicked Choose fields, the card lost the values of the fields specified in the filter.
-
OKTA-830211
The Usage link in the user info dropdown menu pointed to the legacy Usage page, rather than redirecting the admin to the new usage dashboard on the Workflows Console Home page.
-
OKTA-853393
The Save Flow dialog didn't appear if the admin created a flow and clicked the back button in their browser.
-
OKTA-856042
When a user enabled mapping for a flow, the mapping lines between input and output fields were only visible when the user hovered over a field, instead of also being available when the user clicked the field.
2025.01.1
Workday connector available
The Workday connector is now available in Okta Workflows production orgs with the following cards:
- List Multi Instance Worker Custom Objects
- List Worker Organizations
- Read Multi Instance Worker Custom Object
- Read Single Instance Worker Custom Object
- Read Worker
- Search Work Addresses
- Search Work Emails
- Search Work Phones
- Search Workers
- Update Work Address
- Update Work Email
- Update Work Phone
See the Workday connector.
Workday connector supports other user domains
The Workday connector now supports the use of any Workday domain for connections, including the .myworkday.com domain.
See Authorization.
CrowdStrike connector now available
The CrowdStrike connector is now available in Okta Workflows with the following cards:
- Assign User Roles
- Create User
- Custom API Action
- Delete User
- List User Roles IDs
- Read Role Details
- Read User
- Remove User Roles
- Search User Roles
- Search Users
- Update User Names
See the CrowdStrike connector.
Okta Workflows templates
The following Okta Workflows template is now available:
The following Okta Workflows templates have been updated:
Fixes in Okta Workflows
-
OKTA-816321
The If/Else function card didn't show the mapping references for the Input and Output fields even when Show Mapping was activated.
-
OKTA-817024
When an admin dragged the output field from the individual cards within a Branching function card to the main Outputs field, the function card set the Outputs field to the type of individual card output that was last dropped.
-
OKTA-850679
Some cards returned intermittent 500 - Node Error: recv error messages.
2025.01.0
Okta Workflows Console home page updated
This release introduces significant updates to the Okta Workflows Console landing page. These improvements to the Home page are intended for new Okta Workflows users, so admins can learn about flows and start creating their own flows quickly. This includes elevating introductory materials and highlighting relevant templates.
With the New Flow button, admins can now create flows directly from the Home page.
See Workflows Console.
OAuth 2.0 security to invoke API endpoints
Okta Workflows users can now securely invoke API endpoints using OAuth 2.0 protocols and their Okta org authorization server. In comparison with the existing token authorization option, this feature is more secure while also being easier to implement.
Add the okta.workflows.invoke.manage scope to any new or existing app integration to make it eligible to invoke your API endpoint.
Salesforce connector for Okta for Government High
The Salesforce connector is now available in Okta for Government High orgs.
Fixes in Okta Workflows
-
OKTA-747948
The Object Split function card accepted a List of Objects type for the Object input field when it should only accept an Object type.