Mutual TLS (mTLS) authentication in Okta Workflows
Mutual TLS (mTLS) is an authentication method that lets Okta Workflows connect to external services that require both sides of a connection to verify their identity using digital certificates. Unlike OAuth or basic auth, mTLS uses cryptographic certificates instead of shared secrets or tokens. This makes it suitable for legacy systems and highly regulated environments that don't support modern protocols.
This feature is only available to orgs in federal cells.
How it works
The trust store acts as a secure management layer for the certificates required for mTLS authentication. After you upload a certificate to the trust store, you can select it when you configure a connection.
Get started
Setting up an mTLS connection requires the following steps:
- Upload a Certificate Authority (CA) certificate to the trust store so that Okta Workflows can verify the identity of the external service. See Manage certificates in the trust store.
- Create a connection in the API Connector using the mTLS auth type. See Create an mTLS connection.
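Before the first step, it helps to confirm locally that the file you are about to upload really is the CA that issued the external service's certificate. The script below is an added example, not Okta code or an Okta tool: the function names and file names are hypothetical, the certificates are constructed for the demo, and it assumes you have the OpenSSL CLI and a PEM copy of the service's certificate.

```bash
# Added example: pre-upload sanity check for a CA certificate (names are hypothetical).

# check_ca_for_upload CA_PEM SERVICE_PEM
# Prints a one-word verdict; returns 0 only when CA_PEM passes all three checks.
# Assumes the service certificate is issued directly by the CA (no intermediates).
check_ca_for_upload() {
  # 1. It must be a CA certificate, not a leaf exported by mistake.
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE' \
    || { echo not-a-ca; return 1; }
  # 2. It must stay valid for at least 30 more days.
  openssl x509 -in "$1" -noout -checkend $((30 * 86400)) >/dev/null 2>&1 \
    || { echo expiring; return 2; }
  # 3. It must be the issuer of the certificate the service presents.
  #    -no-CApath keeps the system trust store out of the decision.
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1 \
    || { echo wrong-issuer; return 3; }
  echo ok
}

# make_ca DIR NAME DAYS: constructed self-signed CA, valid for DAYS days.
make_ca() {
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    'prompt=no' '[dn]' "CN=Constructed $2" '[v3_ca]' \
    'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > "$1/$2.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -config "$1/$2.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_service_cert DIR CA_NAME: constructed service certificate signed by CA_NAME.
make_service_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
    -subj '/CN=service.example.test' \
    -keyout "$1/svc.key" -out "$1/svc.csr" 2>/dev/null
  openssl x509 -req -in "$1/svc.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 30 -out "$1/svc.pem" 2>/dev/null
}

# Constructed demo PKI: the service's CA, an unrelated CA, and a short-lived CA.
demo_dir=$(mktemp -d)
make_ca "$demo_dir" issuer 365
make_ca "$demo_dir" other 365
make_ca "$demo_dir" shortlived 1
make_service_cert "$demo_dir" issuer
for c in issuer other shortlived svc; do
  echo "$c.pem: $(check_ca_for_upload "$demo_dir/$c.pem" "$demo_dir/svc.pem")"
done
```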