Okta Workflows release notes (2025)
2025.02.0
Okta Workflows tables limit increase
For Okta Workflows customers on a paid subscription level, the per org limit on Workflows tables has been increased from 100 to 200 tables.
See Flow Tables in Workflows system limits.
Role-based access control is now GA for production orgs
As Okta Workflows can make comprehensive changes both inside Okta and out to other connected SaaS apps, access to Workflows was previously restricted to Okta super admins. While this regulation enhanced the security of Okta Workflows, it limited the number of users, restricted the scalability of Okta Workflows, and reduced overall value to customers.
With role-based access control (RBAC), you can now assign Workflows privileges to more users without granting unnecessary access.
To support this feature, three new admin roles are available:
-
Workflows Administrator: For full-access administration, within Okta Workflows only
-
Workflows Auditor: For compliance management with read-only access
-
Connection Manager: For securely handling accounts and credentials
RBAC allows customers to expand the use of Okta Workflows beyond super admins, enabling more team members to build, run, and manage Workflows securely and efficiently.
See Access Control.
There are four new event types that record the RBAC feature activity in the Okta System Log:
-
workflows.user.role.user.add
-
workflows.user.role.user.remove
-
workflows.user.role.group.add
-
workflows.user.role.group.remove
See the Event Types API.
Okta Workflows Certificate Authority updates
Root certificates used by Okta Workflows now reflect current certificates as of December 31, 2024. Also, any root Certificate Authority (CA) entities that were removed from the Common CA database after March 11, 2023 will be deprecated in the 2025.03.0 release.
Polling Monitors feature added to Connector Builder
Many APIs support real-time notifications using webhooks, but for remote services that don't support webhooks, triggering automation flows based on new data relies on manual checks or inefficient workarounds. Without access to scheduled updates, admins rely on manual data exports or custom scripts to continuously check for new or updated changes; these processes add complexity and operational overhead.
With the introduction of Polling Monitors in Connector Builder, admins can create custom event triggers to process updated data from APIs without webhook support. Polling monitors make scheduled requests for new events, giving admins full control over when and how their flows respond to new data.
Whether detecting new support tickets in a help-desk system, syncing user updates from a CRM app, or monitoring changes in a third-party service, polling monitors let admins integrate with more services and capture important events.
See Polling monitor events and Build a polling monitor event flow.
Type Of and Cursor function cards now available in Connector Builder
When working with APIs that return ambiguously typed data, the Type Of card identifies whether a returned value has a Text, Number, True/False, Object, Date & Time, or File type. It also detects Lists, making it easier to handle dynamic data structures in your connector flows.
See the Type Of function card.
Also, this release includes the Cursor card for Connector Builder. This Flow Control function card allows builders to save a metadata value for use in creating polling monitor events.
See the Cursor function card.
Connector Builder improvements
When creating a helper flow for a specific context, Connector Builder automatically adds the appropriate event and return cards.
Workflows templates
The following Okta Workflows templates are now available:
Fixes in Okta Workflows
-
OKTA-834895
The Get All Licenses card returned an outdated list of licenses from Google Workspace.
-
OKTA-834930
The Assign License to User and Unassign License from User cards for Google Workspace returned invalid values for the License Name.
-
OKTA-834944
The Read User Licenses card didn't return all licenses that were associated with a particular user in Google Workspace.
-
OKTA-838000
When searching for a user's licenses, the Google Workspace Read User Licenses card didn't accept uppercase letters for the Primary Email input field.
2025.01.2
Event cards added to Okta connector
The following event cards have been added to the Okta connector:
See the Okta connector.
Fixes in Okta Workflows
-
OKTA-663824
Flow names with underscores or hyphens aren't permitted in Connector Builder but the validation pop-up incorrectly indicated that a name containing these characters was valid.
-
OKTA-816135
For a Tables Search Rows card configured with a Where Expression filter, if the admin clicked Choose fields, the card lost the values of the fields specified in the filter.
-
OKTA-830211
The Usage link in the user info dropdown menu pointed to the legacy Usage page, rather than redirecting the admin to the new usage dashboard on the Workflows Console Home page.
-
OKTA-853393
The Save Flow dialog didn't appear if the admin created a flow and clicked the back button in their browser.
-
OKTA-856042
When a user enabled mapping for a flow, the mapping lines between input and output fields were only visible when the user hovered over a field, instead of also being available when the user clicked the field.
2025.01.1
Workday connector available
The Workday connector is now available in Okta Workflows production orgs with the following cards:
- List Multi Instance Worker Custom Objects
- List Worker Organizations
- Read Multi Instance Worker Custom Object
- Read Single Instance Worker Custom Object
- Read Worker
- Search Work Addresses
- Search Work Emails
- Search Work Phones
- Search Workers
- Update Work Address
- Update Work Email
- Update Work Phone
See the Workday connector.
Workday connector supports other user domains
The Workday connector now supports the use of any Workday domain for connections, including the .myworkday.com domain.
See Authorization.
CrowdStrike connector now available
The CrowdStrike connector is now available in Okta Workflows with the following cards:
- Assign User Roles
- Create User
- Custom API Action
- Delete User
- List User Roles IDs
- Read Role Details
- Read User
- Remove User Roles
- Search User Roles
- Search Users
- Update User Names
See the CrowdStrike connector.
Okta Workflows templates
The following Okta Workflows template is now available:
The following Okta Workflows templates have been updated:
Fixes in Okta Workflows
-
OKTA-816321
The If/Else function card didn't show the mapping references for the Input and Output fields even when Show Mapping was activated.
-
OKTA-817024
When an admin dragged the output field from the individual cards within a Branching function card to the main Outputs field, the function card set the Outputs field to the type of individual card output that was last dropped.
-
OKTA-850679
Some cards returned intermittent 500 - Node Error: recv error messages.
2025.01.0
Okta Workflows Console home page updated
This release introduces significant updates to the Okta Workflows Console landing page. These improvements to the Home page are intended for new Okta Workflows users, so admins can learn about flows and start creating their own flows quickly. This includes elevating introductory materials and highlighting relevant templates.
With the New Flow button, admins can now create flows directly from the Home page.
See Workflows Console.
OAuth 2.0 security to invoke API endpoints
Okta Workflows users can now securely invoke API endpoints using OAuth 2.0 protocols and their Okta org authorization server. In comparison with the existing token authorization option, this feature is more secure while also being easier to implement.
Add the okta.workflows.invoke.manage scope to any new or existing app integration to make it eligible to invoke your API endpoint.
Salesforce connector for Okta for Government High
The Salesforce connector is now available in Okta for Government High orgs.
Fixes in Okta Workflows
-
OKTA-747948
The Object Split function card accepted a List of Objects type for the Object input field when it should only accept an Object type.