Roles and permissions

The Workflows Console contains a new Settings page. The Role assignments tab on this page displays the roles for users and groups who have access to Okta Workflows.

The Settings page is available only to users with an assigned role in Okta Workflows.

  • This page inherits the user and group information from the Okta Universal Directory for your org.

  • Admins must add users to an Okta group using the Okta Admin Console.

  • Admins can't add users to the matching Okta Workflows group from within the Workflows Console.

  • Either an Okta super admin or a Workflows Administrator can assign access to any users or groups found on the Role assignments tab. See Manage Workflows roles.

Role

Description

Okta super admin

This role is managed through the Okta Admin Console.

This is the highest permission level in an Okta org, with full privileges to administer both Okta and Okta Workflows. See Super administrators.

Only a super admin can assign the Workflows Administrator role.

Only a super admin can assign the Okta Workflows app to a user or group.

Workflows Administrator

This role is managed through the Okta Admin Console.

This role has full access to administer and view all of Okta Workflows. This includes permissions, settings, connections, folders, tables, flows, and execution history.

Users with this role can grant any Workflows-specific roles to users or groups assigned to the Okta Workflows app, except for the Workflows Administrator role. See Workflows Administrator.

Workflows Auditor

A read-only version of the Workflows Administrator role, with access to view everything in Okta Workflows.

This role is useful when a new admin is learning about Okta Workflows. They can learn about the product before being granted the full Workflows Administrator role.

In the Workflows Console, this role appears as Auditor on the Role assignments tab.

Connection Manager

This role has full access to create or modify any connections used by Okta Workflows.

The Connection Manager can view flows.

Unassigned User

This is a minimal-access role given by default to users or groups when the super admin assigns the Okta Workflows app.

If a super admin or Workflows Administrator revokes a higher-level role from a user or group, they automatically return to this role.

Hierarchy of Workflows administration roles

Diagram showing the hierarchy of access control levels. Super admin is above workflows administrator, which is above both workflows auditor and connection manager.

See Resource permissions for complete details of the associated permissions for these roles.

Related topics

Assign the Okta Workflows app

Synchronize Okta Workflows users and groups

Manage Workflows roles