Authorization (2024)

Table of Contents
Create a connection from the current Okta org Before you begin Authorize a connection Reauthorize a connection Authorize an account from another Okta org Create an OIDC web app in the target Okta org Configure the OIDC web app Authorize an account from the target Okta org Reauthorize a connection Related topics

Authorize this connector by creating a connection to your Okta account. You can reuse this connection the next time that you build a flow with this connector.

  • If you want to create a connection for the current Okta org, see Create a connection from the current Okta org.

  • If you want to create a connection to a different Okta org, see Authorize an account from another Okta org.

For additional information, see Guidance for Okta connector.

Create a connection from the current Okta org

Before you begin

  • You must be assigned to the Okta Workflows OAuth app.

  • The necessary scopes must be granted in the Okta Workflows OAuth app. See Grant or revoke scopes.

  • You must have super admin credentials.

    In addition to the initial authorization of the connector, reauthenticating this connection requires an account with super admin privileges.

  • You also need the following information for authorizing your Okta account:

    • Domain: The domain of your Okta org, without the https:// prefix or the -admin portion of the URL. For example, if your Okta Admin Console URL is https://yourcompany.okta.com, then your domain is yourcompany.okta.com.

    • Client ID and Client Secret: The client ID and client secret from your Okta Workflows OAuth app.

      You can retrieve these values through the Okta Workflows OAuth application:

      1. In the Admin Console, go to ApplicationsApplications.

      2. Open the Okta Workflows OAuth application.

      3. Click the Sign On tab and copy the Client ID and Client secret values in your Okta connection details.

Authorize a connection

  1. In the Okta Workflows Console, go to Connections.

  2. Click New Connection to see a list of all available connectors.

  3. Select the Okta connector.

  4. In the New Connection window, enter a Connection Nickname. This is the display name that appears in your connections list.

  5. Enter Domain, Client ID, and Client Secret values.

    See Also
    Okta Help Center (Lightning)Default Access Gateway credentials | OktaGive access to Okta SupportOverride a user name format

  6. Click the Permissions tab and choose either Use default scopes or Customize scopes (advanced).

    • Use default scopes: This option includes the scopes necessary to run any of the Okta connector cards.

    • Customize scopes (advanced): Choose this option if you want to customize the scopes for this connection. You can also Manually add scopes that aren't in the default scope list. The connection creation fails if you attempt to add an invalid scope, for example, a scope that doesn't exist.

    To grant scopes: Before you create the connection, grant those scopes in the Okta Workflows OAuth app and select the scopes here in the Permissions tab.

    To revoke scopes: Before you create the connection, revoke those scopes from the OAuth app or clear the selected scopes in the Permissions tab.

    If you don't grant the scopes in the OAuth app, you can create or reauthorize the connection, but it won't include those ungranted scopes.

    Attempting to execute a card without the required scopes results in an Insufficient Scope error.

  7. Click Create.

The new connection appears in the Connections list.

Reauthorize a connection

For an existing connection, you must reauthorize the connection to pick up any scope changes.

Reauthorizing any existing connection without changing scopes simply inherits the scopes of the previous authorization.

Authorize an account from another Okta org

To create a connection for an Okta org different from your current org, follow these steps:

  1. Create an OpenID Connect web app in the target Okta org.

  2. Configure the OpenID Connect web app.

  3. Authorize an account from the target Okta org.

If you want to create a connection for the current Okta org, see Create a connection from the current Okta org.

Create an OIDC web app in the target Okta org

  1. In the Admin Console, go to ApplicationsApplications.

  2. Click Create App Integration.

  3. In the Create a new app integration window, select OIDC - OpenID Connect for the Sign-on Method, and set the Application type to Web application.

  4. Click Next.

  5. On the New Web App Integration page, enter your Application name. This is the display name shown for your app.

  6. Enter the Sign-in redirect URIs for the app. Enter the URI for the location where the app resides, not the target org. For example, to connect to an Okta preview org from a production org, use https://oauth.workflows.okta.com/oauth/okta/cb.

    See Also
    Okta Mobile considerations | Okta

    Authorization (1)

  7. Click Save.

The app is created and appears on the Applications page.

Configure the OIDC web app

  1. In the Admin Console, go to ApplicationsApplications.

  2. Select your newly created application.

  3. On the General tab, click Edit.

  4. In the Allowed Grant Types list, select Refresh Token.

  5. Click Save.

  6. Select the Assignments tab, and then click Edit.

  7. Assign the app to the appropriate users. You can assign it to individual people or to groups.

    The user must have continuous super admin privileges.

  8. Save your assignments.

  9. On the Okta API Scopes tab, grant consent for the scopes required for your use cases. See Guidance for Okta connector.

    Authorization (2)

  10. Click Save.

The app is now configured and an assigned user can create a connection for this org.

Authorize an account from the target Okta org

Before you begin

  • You must be assigned to the OpenID Connect web app created in the previous procedures.

  • The necessary scopes must be granted in the Okta Workflows OAuth app. See Grant or revoke scopes.

  • You must have super admin credentials.

    In addition to the initial authorization of the connector, reauthenticating this connection requires an account with super admin privileges.

  • You also need the following information for authorizing your Okta account:

    • Domain: The domain of your Okta org, without the https:// prefix or the -admin portion of the URL. For example, if your Okta Admin Console URL is https://yourcompany.okta.com, then your domain is yourcompany.okta.com.

    • Client ID and Client Secret: These are the client ID and client secret values found in your OpenID Connect app. To find these values:

      1. In the Admin Console, go to ApplicationsApplications.

      2. Open the Your OpenID Connect web app application.

      3. Click the Sign On tab and copy the Client ID and Client secret values in your connection details.

Procedure

  1. In the Okta Workflows Console, go to Connections.

  2. Click New Connection to see a list of all available connectors.

  3. Select the Okta connector.

  4. In the New Connection window, enter the Connection Nickname. This is the display name that appears in your connections list.

  5. Enter Domain, Client ID, and Client Secret values.

  6. Click the Permissions tab and choose either Use default scopes or Customize scopes (advanced).

    • Use default scopes: This option includes the scopes necessary to run any of the Okta connector cards.

    • Customize scopes (advanced): Choose this option if you want to customize the scopes for this connection. You can also Manually add scopes that aren't in the default scope list. The connection creation fails if you attempt to add an invalid scope, for example, a scope that doesn't exist.

    To grant scopes: Before you create the connection, grant those scopes in the Okta Workflows OAuth app and select the scopes here in the Permissions tab.

    To revoke scopes: Before you create the connection, revoke those scopes from the OAuth app or clear the selected scopes in the Permissions tab.

    If you don't grant the scopes in the OAuth app, you can create or reauthorize the connection, but it won't include those ungranted scopes.

    Attempting to execute a card without the required scopes results in an Insufficient Scope error.

  7. Click Create.

The new connection appears in the Connections list.

Reauthorize a connection

For an existing connection, you must reauthorize the connection to pick up any scope changes.

Reauthorizing any existing connection without changing scopes simply inherits the scopes of the previous authorization.

Related topics

Okta connector

Workflow elements

Guidance for Okta connector

Okta API documentation

Authorization (2024)
Top Articles
Mastering the Order Types: Limit Orders
GapUp or GapDn Stop loss hits or not
Omega Pizza-Roast Beef -Seafood Middleton Menu
Mickey Moniak Walk Up Song
The Largest Banks - ​​How to Transfer Money With Only Card Number and CVV (2024)
Immobiliare di Felice| Appartamento | Appartamento in vendita Porto San
Wmu Course Offerings
Konkurrenz für Kioske: 7-Eleven will Minisupermärkte in Deutschland etablieren
CSC error CS0006: Metadata file 'SonarAnalyzer.dll' could not be found
Day Octopus | Hawaii Marine Life
Chastity Brainwash
Robert Malone é o inventor da vacina mRNA e está certo sobre vacinação de crianças #boato
Los Angeles Craigs List
Vcuapi
N2O4 Lewis Structure & Characteristics (13 Complete Facts)
Water Trends Inferno Pool Cleaner
[Cheryll Glotfelty, Harold Fromm] The Ecocriticism(z-lib.org)
Quick Answer: When Is The Zellwood Corn Festival - BikeHike
Military life insurance and survivor benefits | USAGov
Bellin Patient Portal
Kitchen Exhaust Cleaning Companies Clearwater
Speechwire Login
Chelsea Hardie Leaked
What we lost when Craigslist shut down its personals section
Duke Energy Anderson Operations Center
Missing 2023 Showtimes Near Grand Theatres - Bismarck
Mta Bus Forums
Captain Billy's Whiz Bang, Vol 1, No. 11, August, 1920
America's Magazine of Wit, Humor and Filosophy
Google Flights Orlando
This 85-year-old mom co-signed her daughter's student loan years ago. Now she fears the lender may take her house
Tsbarbiespanishxxl
Cpmc Mission Bernal Campus & Orthopedic Institute Photos
Weather In Allentown-Bethlehem-Easton Metropolitan Area 10 Days
Tfn Powerschool
Exam With A Social Studies Section Crossword
UT Announces Physician Assistant Medicine Program
Po Box 101584 Nashville Tn
What is a lifetime maximum benefit? | healthinsurance.org
Frequently Asked Questions
Minecraft: Piglin Trade List (What Can You Get & How)
Automatic Vehicle Accident Detection and Messageing System – IJERT
Barback Salary in 2024: Comprehensive Guide | OysterLink
Cryptoquote Solver For Today
Wrentham Outlets Hours Sunday
Sleep Outfitters Springhurst
Congressional hopeful Aisha Mills sees district as an economical model
sin city jili
Chitterlings (Chitlins)
BYU Football: Instant Observations From Blowout Win At Wyoming
How Did Natalie Earnheart Lose Weight
When Is The First Cold Front In Florida 2022
Latest Posts
Introduction to Azure Data Factory - Azure Data Factory
What Is A Limit Order? How Does It Work?
Article information

Author: Kimberely Baumbach CPA

Last Updated:

Views: 5791

Rating: 4 / 5 (61 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Kimberely Baumbach CPA

Birthday: 1996-01-14

Address: 8381 Boyce Course, Imeldachester, ND 74681

Phone: +3571286597580

Job: Product Banking Analyst

Hobby: Cosplaying, Inline skating, Amateur radio, Baton twirling, Mountaineering, Flying, Archery

Introduction: My name is Kimberely Baumbach CPA, I am a gorgeous, bright, charming, encouraging, zealous, lively, good person who loves writing and wants to share my knowledge and understanding with you.