Synchronize Okta Workflows users and groups
Early Access release. See Enable self-service features.
Users and groups gain access to Okta Workflows based on their assignment to the Okta Workflows app integration.
All accounts initially receive the Unassigned User role until granted a different role.
When you enable the RBAC feature, any super admins already assigned to the Okta Workflows app immediately transition to the Unassigned User role. This means that these existing super admins don't have any privileges in Okta Workflows until you provision these accounts.
-
Provisioning is handled automatically if you enable the Workflows Provisioning feature.
-
Otherwise the account must be manually provisioned. See Synchronize Okta Workflows users and groups.
Review the following to determine if you need to manually synchronize the users and groups from your Okta Universal Directory to Okta Workflows.
Users
Syncing a user account is required only for existing super admin accounts that had the Okta Workflows app before you enabled the role-based access control feature.
| State | Okta Workflows app already assigned to user | Action after enabling role-based access control |
|---|---|---|
|
New user |
No |
When you assign the Okta Workflows app to a new user, Okta automatically syncs the user account information downstream to Okta Workflows. See Assign the Okta Workflows app. |
|
Existing user |
No |
When you assign the Okta Workflows app to an existing user, Okta automatically syncs the user account information downstream to Okta Workflows. See Assign the Okta Workflows app. |
|
Existing user |
Yes |
For existing users that have the Okta Workflows app, you must manually sync the user account information downstream to Okta Workflows. Sync existing users using a Provision User action. See Sync a user account. |
Groups
To provision groups after enabling the role-based access control feature, use a Group Push operation. After the push group is created and provisioned to Okta Workflows, any future changes to the group membership are automatically synced.
| State | Okta Workflows app already assigned to group | Action after enabling role-based access control |
|---|---|---|
|
New group |
No |
Assign the Okta Workflows app to the new group. Create a push group for this group and manually sync the group information downstream to Okta Workflows using a Group Push action. See Sync a group. |
|
Existing group |
No |
Assign the Okta Workflows app to the existing group. Create a push group for this group and manually sync the group information downstream to Okta Workflows using a Group Push action. See Sync a group. |
|
Existing group |
Yes |
Create a push group for this group and manually sync the group information downstream to Okta Workflows using a Group Push action. See Sync a group. |