Jump to a Section

Overview

Authorize an account from the current Okta org

This procedure explains how to create a new connection for your current Okta org. This is the Okta org you used to launch this Workflows environment.

If you want to create a new connection for a different Okta org, see the section Authorize an account from another Okta org below.

Requirements

To perform this procedure:

  • You must be assigned to the Okta Workflows OAuth app.
  • You must have Super Admin credentials.

You also need the following information for authorizing your Okta account:

  • Domain: Your Okta org domain. If the URL of your Okta org is https://yourcompany.okta.com, then your domain is yourcompany.okta.com.
  • Client ID and Client Secret: The client ID and client secret from your Okta Workflows OAuth app. To find this, go to Okta Admin Console > Applications > Okta Workflows OAuth app > Sign On tab > Sign On Methods.

Procedure

Back in Okta Workflows Console,

  1. Go to Settings.
  2. Click +New Connection. All available connectors appear.
  3. Select the Okta connector. New Connection window appears.
  4. In the New Connection window, enter the Connection Nickname. This is the display name you want to appear in your list of connections.
  5. Enter Domain, Client ID, and Client Secret.
  6. Click Create. The new connection appears in the Connections list.

Authorize an account from another Okta org

This procedure explains how to create a new connection for an Okta org different from your current org.

If you want to create a new connection for the current Okta org, see the section Authorize an account from the current Okta org.

This task includes the following procedures:

  1. Create an OpenID Connect web app in the target Okta org
  2. Configure the OpenID Connect web app
  3. Authorize an account from the target Okta org

Procedure

1. Create an OpenID Connect web app in the target Okta org

In the Okta Admin console of your target Okta org,

  1. Go to Applications > Applications > Add Application.
  2. Click Create New App. Create New App pop-up window appears.
  3. In the window, select Platform as Web and Sign-on Method as OpenID Connect. Create OpenID Connect Integration page appears.
  4. On the page, enter your Application name. This is the app display name.
  5. Enter the Login Redirect URI for the app.
    • For Preview org, enter https://oauth.workflows.oktapreview.com/oauth/okta/cb.
    • For Production org, enter https://oauth.workflows.okta.com/oauth/okta/cb.
  6. Click Save.

The app is created and appears on the Applications page.

2. Configure the OpenID Connect web app

In the Okta Admin console,

  1. Go to Applications > Applications.
  2. Select your newly created application.
  3. On the General tab, click Edit.
  4. In the Allowed Grant Types list, select Refresh Token.
  5. Click Save.
  6. Select the Assignments tab, and then click Edit.
  7. Assign the app to the appropriate users. You can assign it to individual people or to groups. Note: The user must be a Super Admin.
  8. Save your assignments.
  9. On the Okta API Scopes tab, grant consent for the scopes required for your use cases.
  10. Click Save.

The app is now configured and an assigned user can create a new connection for this org.

3. Authorize an account from the target Okta org

Requirements

To perform this procedure:

  • You must be assigned to the OpenID Connect web app created in the previous procedures.
  • You must have Super Admin credentials.

You also need the following information for authorizing your Okta account:

  • Domain: Your Okta org domain. If the URL of your Okta org is https://yourcompany.okta.com, then your domain is yourcompany.okta.com.
  • Client ID and Client Secret: The client ID and client secret from your OAuth2 app. To find this, go to Okta Admin Console > Applications > Your OpenID Connect web app > Sign On tab > Sign On Methods.

Back in the Okta Workflows Console,

  1. Go to Settings.
  2. Click +New Connection. All available connectors appear.
  3. Select the Okta connector. New Connection window appears.
  4. In the New Connection window, enter the Connection Nickname. This is the display name you want to appear in your list of connections.
  5. Enter Domain, Client ID, and Client Secret.
  6. Click Create.

The new connection appears in the Connections list.


Scopes for the Okta connector

Grant scopes in the Okta Workflows OAuth

In the Okta Workflows Console, 1. Go to Applications > the Okta Workflows OAuth app > Okta API Scopes. A list of available scopes appears. 2. Click the Grant button for the scope(s) you want to grant. A success message appears.

List of available scopes in the Okta connector

Scopes with an asterisk are not configurable thorugh the Okta Workflows OAuth app.

  • openid*
  • profile*
  • email*
  • phone*
  • address*
  • groups*
  • offline_access*
  • okta.apps.manage
  • okta.apps.read
  • okta.clients.manage
  • okta.clients.read
  • okta.clients.register
  • okta.eventHooks.manage
  • okta.eventHooks.read
  • okta.events.read
  • okta.factors.manage
  • okta.factors.read
  • okta.groups.manage
  • okta.groups.read
  • okta.idps.manage
  • okta.idps.read
  • okta.inlineHooks.manage
  • okta.inlineHooks.read
  • okta.linkedObjects.manage
  • okta.linkedObjects.read
  • okta.logs.read
  • okta.policies.manage
  • okta.policies.read
  • okta.roles.manage
  • okta.roles.read
  • okta.schemas.manage
  • okta.schemas.read
  • okta.users.manage
  • okta.users.read

    Events

    • API Token Created

      Trigger a Flow when an API token is created in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Actor (object):
        • ID: ID of Okta actor who created the API token
        • Alternate ID: email address of the Okta actor
        • Display Name: display name of the Okta actor
        • Type: type of Okta actor
      • API Token (object):
        • ID: ID of the API token
        • Alternate ID: email address or alternate ID that is asssigned to the API token
        • Display Name: display name for the API token
        • Type: type of API token
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • API Token Revoked

      Trigger a Flow when an API token is revoked in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Actor (object):
        • ID: ID of Okta actor who revoked the API token
        • Alternate ID: email address of the Okta actor
        • Display Name: display name of the Okta actor
        • Type: type of Okta actor
      • API Token (object):
        • ID: ID of the API token
        • Alternate ID: email address or alternate ID that is asssigned to the API token
        • Display Name: display name for the API token
        • Type: type of API token
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Import Process Completed

      Trigger a Flow when an import process is completed in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Actor (object):
        • ID: ID of Okta actor who is associated with the import process
        • Alternate ID: email address of the Okta actor
        • Display Name: display name of the Okta actor
        • Type: type of Okta actor
      • Application (object):
        • ID: ID of the Okta application
        • Alternate ID: email address of the Okta application
        • Display Name: display name of the Okta application
        • Type: type of Okta application
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Import Started

      Trigger a Flow when an import process is started in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Actor (object):
        • ID: ID of Okta actor who started the import process
        • Alternate ID: email address of the Okta actor
        • Display Name: display name of the Okta actor
        • Type: type of Okta actor
      • Application (object):
        • ID: ID of the Okta application
        • Alternate ID: email address of the Okta application
        • Display Name: display name of the Okta application
        • Type: type of Okta application
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Policy Activated

      Trigger a Flow when a policy is activated in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time when policy was activated in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who activated the policy
        • ID: unique identifier of Okta admin who activated the policy
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: Okta admin’s role type
      • Policy (object)
        • ID: unique identifier of the Okta policy
        • Alternate ID: alternate ID of the Okta policy
        • Display Name: display name of the activated Okta policy
        • Type: policy type specification when creating a new policy. Specification pertains to source of user-specific data. Valid types include default, legacy, and Active Directory. For this event, the value is PolicyEntity.
        • Policy Type: type of policy. Valid types include OKTA_SIGN_ON, PASSWORD, MFA_ENROLL, OAUTH_AUTHORIZATION_POLICY, IDP_DISCOVERY
      • UUID: webhook event’s universal unique identifier
      • Debug Context (object)
        • Debug Data: miscellaneous information on the triggered event used for debugging. For example, returned data can include a URI, an SMS provider, or transaction ID.
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Policy Deactivated

      Trigger a Flow when a policy is deactivated in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time when the policy was deactivated in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who deactivated the policy
        • ID: unique identifier of Okta admin who deactivated the policy
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: Okta admin’s role type
      • Policy (object)
        • ID: unique identifier of the Okta policy
        • Alternate ID: alternate ID of the Okta policy
        • Display Name: display name of the deactivated Okta policy
        • Type: policy type specification for the policy. Specification pertains to source of user-specific data. Valid types include default, legacy, and Active Directory.
        • Policy Type: type of policy. Valid types include OKTA_SIGN_ON, PASSWORD, MFA_ENROLL, OAUTH_AUTHORIZATION_POLICY, IDP_DISCOVERY
      • UUID: webhook event’s universal unique identifier
      • Debug Context (object)
        • Debug Data: miscellaneous information on the triggered event used for debugging. For example, returned data can include a URI, an SMS provider, or transaction ID.
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Policy Rule Added

      Trigger a Flow when a policy rule is added in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time when the policy rule was added in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who added the policy rule
        • ID: unique identifier of Okta admin who added the policy rule
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: Okta admin’s role type
      • Policy (object)
        • ID: unique identifier of the Okta policy containing the new rule
        • Alternate ID: alternate ID of the Okta policy containing the new rule
        • Display Name: display name of the policy containing the new rule
        • Type: policy type specification for the policy. Specification pertains to source of user-specific data. Valid types include default, legacy, and Active Directory.
        • Policy Type: type of policy. Valid types include OKTA_SIGN_ON, PASSWORD, MFA_ENROLL, OAUTH_AUTHORIZATION_POLICY, IDP_DISCOVERY
      • Policy Rule (object)
        • ID: unique identifier of the new policy rule
        • Alternate ID: alternate ID of the policy rule
        • Display Name: display name of the new policy rule
        • Type: policy type specification for the policy. Specification pertains to source of user-specific data. Valid types include default, legacy, and Active Directory.
      • UUID: webhook event’s universal unique identifier
      • Debug Context (object)
        • Debug Data: miscellaneous information on the triggered event used for debugging. For example, returned data can include a URI, an SMS provider, or transaction ID.
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Policy Rule Deactivated

      Trigger a Flow when a policy rule is deactivated in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time when the policy rule was deactivated in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who deactivated the policy rule
        • ID: unique identifier of Okta admin who deactivated the policy rule
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: Okta admin’s role type
      • Policy (object)
        • ID: unique identifier of the Okta policy containing the deactivated rule
        • Alternate ID: alternate ID of the Okta policy containing the deactivated rule
        • Display Name: display name of the policy containing the deactivated rule
        • Type: policy type specification for the policy. Specification pertains to source of user-specific data. Valid types include default, legacy, and Active Directory.
        • Policy Type: type of policy. Valid types include OKTA_SIGN_ON, PASSWORD, MFA_ENROLL, OAUTH_AUTHORIZATION_POLICY, IDP_DISCOVERY
      • Policy Rule (object)
        • ID: unique identifier of the deactivated policy rule
        • Alternate ID: alternate ID of the deactivated policy rule
        • Display Name: display name of the deactivated policy rule
        • Type: policy type specification for the policy. Specification pertains to source of user-specific data. Valid types include default, legacy, and Active Directory.
      • UUID: webhook event’s universal unique identifier
      • Debug Context (object)
        • Debug Data: miscellaneous information on the triggered event used for debugging. For example, returned data can include a URI, an SMS provider, or transaction ID.
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Policy Rule Updated

      Trigger a Flow when a policy rule is updated in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time when the policy rule was updated in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who updated the policy rule
        • ID: unique identifier of Okta admin who updated the policy rule
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: Okta admin’s role type
      • Policy (object)
        • ID: unique identifier of the Okta policy containing the updated rule
        • Alternate ID: alternate ID of the Okta policy containing the updated rule
        • Display Name: display name of the policy containing the updated rule
        • Type: policy type specification for the policy. Specification pertains to source of user-specific data. Valid types include default, legacy, and Active Directory.
        • Policy Type: type of policy. Valid types include OKTA_SIGN_ON, PASSWORD, MFA_ENROLL, OAUTH_AUTHORIZATION_POLICY, IDP_DISCOVERY
      • Policy Rule (object)
        • ID: unique identifier of the updated policy rule
        • Alternate ID: alternate ID of the updated policy rule
        • Display Name: display name of the updated policy rule
        • Type: policy type specification for the policy. Specification pertains to source of user-specific data. Valid types include default, legacy, and Active Directory.
      • UUID: webhook event’s universal unique identifier
      • Debug Context (object)
        • Debug Data: miscellaneous information on the triggered event used for debugging. For example, returned data can include a URI, an SMS provider, or transaction ID.
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Policy Updated

      Trigger a Flow when a policy is updated in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time when policy was updated in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who updated the policy
        • ID: unique identifier of Okta admin who updated the policy
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: Okta admin’s role type
      • Policy (object)
        • ID: unique identifier of the updated Okta policy
        • Alternate ID: alternate ID of the updated Okta policy
        • Display Name: display name of the updated Okta policy
        • Type: policy type specification for a policy. Specification pertains to source of user-specific data. Valid types include default, legacy, and Active Directory.
        • Policy Type: type of policy. Valid types include OKTA_SIGN_ON, PASSWORD, MFA_ENROLL, OAUTH_AUTHORIZATION_POLICY, IDP_DISCOVERY
      • UUID: webhook event’s universal unique identifier
      • Debug Context (object)
        • Debug Data: miscellaneous information on the triggered event used for debugging. For example, returned data can include a URI, an SMS provider, or transaction ID.
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Suspicious Activity Reported

      Trigger a Flow when suspicious activity is reported in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the webhook event was published
      • Name: name of the user who reported suspicious activity
      • Email: email address of the user
      • User ID: ID of the user
      • Suspicious Activity Details: details about the suspicious activity reported
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Sync User in External Application

      Trigger a Flow when when admin sync users from external application to Okta.

      Unless otherwise indicated, field types are text.

      Options

      • Use App Instance ID? (dropdown): Choose from Yes or No. If yes, you can select application instance directly through the App Instance ID field.
      • Application (dropdown): Choose an app from which you want to remove the user. Choose Enter Application ID to select an app by its ID.
        • Note: The dropdown only displays 1000 apps.
      • Application Instance (dropdown): Choose from a list of existing application instances, dependent on the Application chosen in the previous step.
        • Note: The dropdown only displays 2000 app instances. This event will only trigger for the selected application instance. If you do not see your application instance in the list use the Use App Instance ID? dropdown list and the App Instance ID field to be able to trigger the event for a specific application instance.
      • Application Instance ID: unique app instance id
        • Note: Choose Yes in the Use App Instance ID? dropdown list to interact with your application instance directly through its id.

      How to find the Application Instance ID for an app

      1. Go to Okta Admin Console > Applications.
      2. Click your app. The app page opens.
      3. Check the page URL.
        • You can find the app id using this URL pattern: https://yourcompany.okta.com/admin/app/yourappname/instance/YOURAPPINSTANCEID/.
        • For example, https://acme.okta.com/admin/app/office365/instance/0oahjhk34aUxGnWcZ0h7/. Here 0oahjhk34aUxGnWcZ0h7 is the app instance id.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who synced the user
        • ID: ID of Okta admin who synced the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: type of the Okta admin
      • Okta User (object): Okta user who was synced
        • ID: ID of the Okta user who was synced
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
        • Type: type of the Okta user
      • Application User (object): target application’s user details
        • ID: user’s ID in the target application
        • Alternate ID: user’s alternate ID in the target application (usually their email address)
        • Display Name: display name of the application user
        • Type: type of the application user
      • Application (object): target application
        • ID: ID of the target application
        • Alternate ID: alternate ID of the target application
        • Display Name: display name of the target application
        • Type: type of the application
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API

      Context

      • Execution ID: unique identifier associated with the execution of the Flow
    • User Activated

      Trigger a Flow when a user is activated in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time that the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service.
      • Version: versioning indicator
      • Admin (object): Okta admin who provisioned the user
        • ID: ID of the Okta Admin
        • Alternate ID: email address of the Okta Admin
        • Display Name: display name of the Okta Admin
      • Okta User (object): the Okta user who was added to the application
        • ID: ID of the Okta user
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identified
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Added to Group

      Trigger a Flow when a user is assigned to a group in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who provisioned the user
        • ID: ID of Okta admin who provisioned the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was added to the group
        • ID: ID of the Okta user who was added to the group
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • Group (object): target group that the user was assigned to
        • ID: ID of the target group
        • Alternate ID: alternate ID of the target group
        • Display Name: display name of the target group
      • User Groups (list of objects): if the user is a member of multiple groups, the following fields are returned for each group
        • ID: ID of the group that the user belongs to
        • Name: name of the group that the user belongs to
        • Description: description of the group that the user belongs to
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User App Password Changed

      Trigger a Flow when a user’s app password is changed.

      Unless otherwise indicated, field types are text.

      Options

      • Use App Instance ID? (dropdown): Choose from Yes or No. If yes, you can select application instance directly through the App Instance ID field.
      • Application (dropdown): Choose an app from which you want to remove the user. Choose Enter Application ID to select an app by its ID.
        • Note: The dropdown only displays 1000 apps.
      • Application Instance (dropdown): Choose from a list of existing application instances, dependent on the Application chosen in the previous step.
        • Note: The dropdown only displays 2000 app instances. This event will only trigger for the selected application instance. If you do not see your application instance in the list use the Use App Instance ID? dropdown list and the App Instance ID field to be able to trigger the event for a specific application instance.
      • Application Instance ID: unique app instance id
        • Note: Choose Yes in the Use App Instance ID? dropdown list to interact with your application instance directly through its id.

      How to find the Application Instance ID for an app

      1. Go to Okta Admin Console > Applications.
      2. Click your app. The app page opens.
      3. Check the page URL.
        • You can find the app id using this URL pattern: https://yourcompany.okta.com/admin/app/yourappname/instance/YOURAPPINSTANCEID/.
        • For example, https://acme.okta.com/admin/app/office365/instance/0oahjhk34aUxGnWcZ0h7/. Here 0oahjhk34aUxGnWcZ0h7 is the app instance id.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who changed the user’s password
        • ID: ID of Okta admin who changed the user’s password
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: type of the Okta admin
      • Okta User (object): Okta user whose password was changed
        • ID: ID of the Okta user whose password was changed
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
        • Type: type of the Okta user
      • Application User (object): target application’s user details
        • ID: user’s ID in the target application
        • Alternate ID: user’s alternate ID in the target application (usually their email address)
        • Display Name: display name of the application user
        • Type: type of the application user
      • Application (object): target application
        • ID: ID of the target application
        • Alternate ID: alternate ID of the target application
        • Display Name: display name of the target application
        • Type: type of the application
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API

      Context

      • Execution ID: unique identifier associated with the execution of the Flow
    • User Assigned to Application

      Trigger a Flow when a user is assigned to an application in Okta.

      Unless otherwise indicated, field types are text.

      Options

      • Use App Instance ID? (dropdown): Choose from Yes or No. If yes, you can select application instance directly through the App Instance ID field.
      • Application (dropdown): Choose an app from which you want to remove the user. Choose Enter Application ID to select an app by its ID.
        • Note: The dropdown only displays 1000 apps.
      • Application Instance (dropdown): Choose from a list of existing application instances, dependent on the Application chosen in the previous step.
        • Note: The dropdown only displays 2000 app instances. This event will only trigger for the selected application instance. If you do not see your application instance in the list use the Use App Instance ID? dropdown list and the App Instance ID field to be able to trigger the event for a specific application instance.
      • Application Instance ID: unique app instance id
        • Note: Choose Yes in the Use App Instance ID? dropdown list to interact with your application instance directly through its id.

      How to find the Application Instance ID for an app

      1. Go to Okta Admin Console > Applications.
      2. Click your app. The app page opens.
      3. Check the page URL.
        • You can find the app id using this URL pattern: https://yourcompany.okta.com/admin/app/yourappname/instance/YOURAPPINSTANCEID/.
        • For example, https://acme.okta.com/admin/app/office365/instance/0oahjhk34aUxGnWcZ0h7/. Here 0oahjhk34aUxGnWcZ0h7 is the app instance id.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who assigned the user
        • ID: ID of Okta admin who assigned the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: type of the Okta admin
      • Okta User (object): Okta user who was assigned to the application
        • ID: ID of the Okta user who was assigned to the application
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
        • Type: type of the Okta user
      • Application User (object): target application’s user details
        • ID: user’s ID in the target application
        • Alternate ID: user’s alternate ID in the target application (usually their email address)
        • Display Name: display name of the application user
        • Type: type of the application user
      • Application (object): target application
        • ID: ID of the target application
        • Alternate ID: alternate ID of the target application
        • Display Name: display name of the target application
        • Type: type of the application
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API

      Context

      • Execution ID: unique identifier associated with the execution of the Flow
    • User Created

      Trigger a Flow when a user is assigned to an application in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who created the user
        • ID: ID of Okta admin who created the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was created
        • ID: ID of the Okta user who was created
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Deactivated

      Trigger a Flow when a user is deactivated in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who deactivated the user
        • ID: ID of Okta admin who deactivated the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was deactivated
        • ID: ID of the Okta user who was deactivated
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Deleted

      Trigger a Flow when a user is deleted in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object: Okta admin who deleted the user
        • ID: ID of Okta admin who deleted the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was deleted
        • ID: ID of the Okta user who was deleted
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Okta Password Reset by an Admin

      Trigger a Flow when an user’s Okta password is reset by an Okta admin.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object):
        • ID: ID of Okta admin who reset the user’s password
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: type of Okta admin
      • Okta User (object):
        • ID: ID of Okta user whose password was reset
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
        • Type: type of Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Okta Password Updated

      Trigger a Flow when an user’s Okta password is updated.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Actor (object):
        • ID: ID of Okta actor who performed the password update
        • Alternate ID: email address of the Okta actor
        • Display Name: display name of the Okta actor
        • Type: type of Okta actor
      • Okta User (object):
        • ID: ID of Okta user whose password was updated
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
        • Type: type of Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Okta Profile Updated

      Trigger a Flow when an user’s Okta profile is updated.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Legacy Event Type: type of legacy event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • UUID: webhook event’s universal unique identifier
      • Severity: severity of the event; options are DEBUG, INFO, WARN, or ERROR
      • Result: outcome of the update; options are SUCCESS, FAILURE,SKIPPED,ALLOW,DENY,CHALLENGE,UNKNOWN`
      • Changed Attributes: list of attributes that were updated
      • Actor (object):
        • ID: ID of Okta actor who performed the update
        • Alternate ID: email address of the Okta actor
        • Display Name: display name of the Okta actor
        • Type: type of Okta actor
      • Okta User (object):
        • ID: ID of Okta user whose profile was updated
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
        • Type: type of Okta user
      • Client (object): client that requested the update
      • Transaction (object): transaction details for the update
      • Debug Context
        • Debug Data (object): debug request data for the update
      • Authentication Context (object): authentication data for the update; includes the update’s remote address and session ID
      • Security Context (object): security data for the update
      • Headers (object): type of header for the update
    • User Reactivated

      Trigger a Flo when a user is reactivated in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who reactivated the user
        • ID: ID of Okta admin who deactivated the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: type of the Okta admin
      • Okta User (object): Okta user who was deactivated
        • ID: ID of the Okta user who was deactivated
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
        • Type: type of the Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API

      Context

      • Execution ID: unique identifier associated with the execution of the Flo
    • User Removed from Group

      Trigger a Flow when a user is removed from a group in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who unassigned the user
        • ID: ID of Okta admin who unassigned the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was unassigned from the group
        • ID: ID of the Okta user who was unassigned from the group
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • Group (object): target group that the user was unassigned from
        • ID: ID of the target group
        • Alternate ID: alternate ID of the target group
        • Display Name: display name of the target group
      • User Groups (list of objects): if the user is a member of multiple groups, the following fields are returned for each group
        • ID: ID of the group that the user belongs to
        • Name: name of the group that the user belongs to
        • Description: description of the group that the user belongs to
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Signed In

      Trigger a Flow when a user signs into Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Actor (object):
        • ID: ID of Okta user who signed in
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
        • Type: type of Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Signed Out

      Trigger a Flow when a user signs out from Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Actor (object):
        • ID: ID of Okta user who signed out
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
        • Type: type of Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Suspended

      Trigger a Flow when a user is suspended in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who suspended the user
        • ID: ID of Okta admin who suspended the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was suspended
        • ID: ID of the Okta user who was suspended
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Unassigned from Application

      Trigger a Flow when a user is unassigned from an application in Okta.

      Unless otherwise indicated, field types are text.

      Options

      • Use App Instance ID? (dropdown): Choose from Yes or No. If yes, you can select application instance directly through the App Instance ID field.
      • Application (dropdown): Choose an app from which you want to remove the user. Choose Enter Application ID to select an app by its ID.
        • Note: The dropdown only displays 1000 apps.
      • Application Instance (dropdown): Choose from a list of existing application instances, dependent on the Application chosen in the previous step.
        • Note: The dropdown only displays 2000 app instances. This event will only trigger for the selected application instance. If you do not see your application instance in the list use the Use App Instance ID? dropdown list and the App Instance ID field to be able to trigger the event for a specific application instance.
      • Application Instance ID: unique app instance id
        • Note: Choose Yes in the Use App Instance ID? dropdown list to interact with your application instance directly through its id.

      How to find the Application Instance ID for an app

      1. Go to Okta Admin Console > Applications.
      2. Click your app. The app page opens.
      3. Check the page URL.
        • You can find the app id using this URL pattern: https://yourcompany.okta.com/admin/app/yourappname/instance/YOURAPPINSTANCEID/.
        • For example, https://acme.okta.com/admin/app/office365/instance/0oahjhk34aUxGnWcZ0h7/. Here 0oahjhk34aUxGnWcZ0h7 is the app instance id.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who unassigned the user
        • ID: ID of Okta admin who unassigned the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
        • Type: type of the Okta admin
      • Okta User (object): Okta user who was unassigned from the application
        • ID: ID of the Okta user who was unassigned from the application
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
        • Type: type of the Okta user
      • Application User (object): target application’s user details
        • ID: user’s ID in the target application
        • Alternate ID: user’s alternate ID in the target application (usually their email address)
        • Display Name: display name of the application user
        • Type: type of the application user
      • Application (object): target application
        • ID: ID of the target application
        • Alternate ID: alternate ID of the target application
        • Display Name: display name of the target application
        • Type: type of the application
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API

      Context

      • Execution ID: unique identifier associated with the execution of the Flow
    • User Unsuspended

      Trigger a Flow when a user is unsuspended in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who unsuspended the user
        • ID: ID of Okta admin who unsuspended the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was unsuspended
        • ID: ID of the Okta user who was unsuspended
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API

    Actions

    • Activate User

      Activate an Okta user by ID or username.

      Required fields are indicated by a red asterisk on the Action Card.

      Options

      • Send Email? (dropdown):
        • Yes
        • No

      Input

      • User
        • ID or Login (text): ID or login username of the Okta user (usually in an email format)

      Output

      • Response
        • Status Code (number): success or failure of your HTTP request. Here is a list of all status codes.
      • Activation (if No is selected from Send Email? dropdown)
        • Token (text): access token issued to the activated user
        • Url (text): link to trigger a user activation
    • Add New User to Group

      Add a new Okta user to a group.

      Unless otherwise indicated, field types are text.

      Input

      • Group
        • ID: ID of the Okta group
      • User
        • ID: ID of the Okta user

      Output

      • Result
        • Status (number): status code returned by the API:
          • 204: Successful addition
          • 404: Invalid ID–either the ID is incorrect or that user has already been added
    • Assign User to an App for SSO

      Assign a user without a profile to an app for SSO in Okta.

      Required fields are indicated in red.

      The input and output fields in this card are dynamically generated based on your instance.

      Options

      • Application (dropdown): Choose an app to which you want to assign the user. Choose Enter Application ID to select an app by its ID.

      Note: The dropdown only displays 1000 apps and 2000 app instances.

      Input

      • User

        • User ID (text): Unique identification of the user.
        • Scope (dropdown): Select the user’s scope from User, Co-admin, and Admin.
      • Credentials

        • Username (text): Username of the user.
        • Password (text): Password of the user.

      Output

      Profile Properties

      • Formatted (text):
      • Name (text): User’s full name.
      • Nickname (text): User’s nickname.
      • Given Name (text): User’s first name.
      • Middle Name (text): User’s middle name.
      • Family Name (text): User’s last name or family name.
      • Email (text): User’s primary email.
      • Profile Url (text): URL of the user’s online profile or a web page.
      • Picture Url (text): URL of the user’s online picture.
      • Website (text): URL of the user’s website.
      • Gender (text): User’s gender.
      • Birthdate (text): User’s birthdate.
      • Time Zone (text): User’s time zone.
      • Locale Name (text): User’s default location for purposes of localizing items like currency, date/time format, and numerical representations.
      • Phone Number (text): User’s primary phone number.
      • Street Address (text): Full street address component of user’s address.
      • Locality (text): Locality component of the user’s address.
      • Region (text): Region component of the user’s address.
      • Postal Code (text): Zip code or postal code component of user’s address.
      • Country (text): Country component of the user’s address.

      System Properties

      • User ID (text): Unique identification of the user.
      • External ID (text): External identification of the user.
      • Created (text): Timestamp when the user was created.
      • Last Updated (text): Timestamp when the user was last updated.
      • Scope (text): Scope of the user.
      • Status (text): Current status of the user.
      • Status Changed (text): Timestamp when the user’s status was changed.
      • Password Changed (text): Timestamp when the user’s password was changed.
      • Sync State (text): Current sync state of the user.
      • Last Sync (text): Timestamp when the last sync happened.
      • Credentials
        • Username (text): Username of the user.
        • Password (text): Password of the user.
    • Assign User to an App for SSO and Provisioning

      Assign a user to an app with credentials and an app-specific profile. Profile mappings defined for the app are first applied before applying any profile properties specified in the request.

      Required fields are indicated in red.

      The input and output fields in this card are dynamically generated based on your instance.

      Options

      • Application (dropdown): Choose an app to which you want to assign the user. Choose Enter Application ID to select an app by its ID.

      Note: The dropdown only displays 1000 apps and 2000 app instances.

      Input

      • User

        • User ID (text): Unique identification of the user.
        • Scope (dropdown): Select the user’s scope from User, Co-admin, and Admin.
      • Credentials

        • Username (text): Username of the user.
        • Password (text): Password of the user.

      Profile Properties

      • Formatted (text):
      • Name (text): User’s full name.
      • Nickname (text): User’s nickname.
      • Given Name (text): User’s first name.
      • Middle Name (text): User’s middle name.
      • Family Name (text): User’s last name or family name.
      • Email (text): User’s primary email.
      • Profile Url (text): URL of the user’s online profile or a web page.
      • Picture Url (text): URL of the user’s online picture.
      • Website (text): URL of the user’s website.
      • Gender (text): User’s gender.
      • Birthdate (text): User’s birthdate.
      • Time Zone (text): User’s time zone.
      • Locale Name (text): User’s default location for purposes of localizing items like currency, date/time format, and numerical representations.
      • Phone Number (text): User’s primary phone number.
      • Street Address (text): Full street address component of user’s address.
      • Locality (text): Locality component of the user’s address.
      • Region (text): Region component of the user’s address.
      • Postal Code (text): Zip code or postal code component of user’s address.
      • Country (text): Country component of the user’s address.

      Output

      Profile Properties

      • Formatted (text):
      • Name (text): User’s full name.
      • Nickname (text): User’s nickname.
      • Given Name (text): User’s first name.
      • Middle Name (text): User’s middle name.
      • Family Name (text): User’s last name or family name.
      • Email (text): User’s primary email.
      • Profile Url (text): URL of the user’s online profile or a web page.
      • Picture Url (text): URL of the user’s online picture.
      • Website (text): URL of the user’s website.
      • Gender (text): User’s gender.
      • Birthdate (text): User’s birthdate.
      • Time Zone (text): User’s time zone.
      • Locale Name (text): User’s default location for purposes of localizing items like currency, date/time format, and numerical representations.
      • Phone Number (text): User’s primary phone number.
      • Street Address (text): Full street address component of user’s address.
      • Locality (text): Locality component of the user’s address.
      • Region (text): Region component of the user’s address.
      • Postal Code (text): Zip code or postal code component of user’s address.
      • Country (text): Country component of the user’s address.

      System Properties

      • User ID (text): Unique identification of the user.
      • External ID (text): External identification of the user.
      • Created (text): Timestamp when the user was created.
      • Last Updated (text): Timestamp when the user was last updated.
      • Scope (text): Scope of the user.
      • Status (text): Current status of the user.
      • Status Changed (text): Timestamp when the user’s status was changed.
      • Password Changed (text): Timestamp when the user’s password was changed.
      • Sync State (text): Current sync state of the user.
      • Last Sync (text): Timestamp when the last sync happened.
      • Credentials
        • Username (text): Username of the user.
        • Password (text): Password of the user.
    • Clear User Sessions

      Remove all active identity provider sessions. This forces the user to authenticate on the next operation. It optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.

      Required fields are indicated in red.

      Input

      • User
        • User ID (text): Unique identification of the user.
        • Revoke oauthTokens? (true/false): Revoke OAuth tokens if true.

      Output

      • Status Code (number): Status code returned by the Okta API.
    • Create User

      Create a new user in Okta. This action commonly follows an event like User is Added to Application Membership.

      Unless otherwise indicated, field types are text.

      Options

      • without Credentials
      • with Recovery Question
      • with Password
      • with Password & Recovery Questions
      • with Authentication Provider
      • in Group

      Note: When you use a Group ID that corresponds to the default Everyone group in your Okta org, a 501 Not Implemented error occurs. This is expected behavior. All users within an Okta org are automatically added to the default Everyone group.

      For more detail on these options, or additional info regarding creating users in Okta, reference this documentation.

      Input

      Input fields vary by option but will always include the mandatory Okta profile attributes: Username, First Name, Last Name, and Primary Email. Required fields are indicated by a red asterisk.

      • Profile
        • Username: username of the Okta user, in email address format
        • First Name: first name of the Okta user
        • Last Name: last name of the Okta user
        • Primary email: primary email address of the Okta user
      • Credentials
        • Question: password recovery question (must be specified if Answer is specified)
        • Answer: answer to the password recovery question (must be specified if Question is specified)
        • Password: password that meets minimum criteria (see documentation)
        • Provider Name: name of the identity provider. Note that you must specify the directory instance name for  ACTIVE_DIRECTORY or LDAP providers.
        • Provider Type (drop-down list): identity provider type
      • Activate
        • Activate (boolean): user is activated upon creation (see documentation)

      Output

      • Results
        • Raw Body (object): raw payload returned from the Okta API
        • ID: ID of the user created in Okta
        • Status: current status of the user (STAGED, PROVISIONED, ACTIVE, RECOVERY, LOCKED_OUT, PASSWORD_EXPIRED, SUSPENDED, or DEPROVISIONED)
        • Created (date): timestamp when the user was created
        • Activated (boolean): timestamp when transition to ACTIVE status completed
        • Status Changed (date): date that the user’s status changed
        • Last Login (date): timestamp of the user’s last login date
        • Last Updated (date): timestamp of the last user update
        • Password Changed (date): timestamp when password last changed
    • Custom API Action

      Use Custom API Action to make an authenticated request to the Okta API. Reference the Okta API documentation for additional details about working directly with the Okta API.

      Options

      • Request Type (drop-down): use the appropriate request type depending on the endpoint/method
        • GET
        • POST
        • PUT
        • PATCH
        • DELETE

      Input

      • Relative URL (text): Specify the relative URL as /api/v2/{insert_remaining_URL}. You can specify query parameters in the relative URL using “?”, or specify the query parameters as an object key pair in the Query input.
      • Headers (object): Specify any headers required in addition to authorization or content-type (these are already handled by this connector).
      • Query (object): Specify any additional query parameters that should be included in object format (key value pairs).
      • Body (object): Specify a request body in JSON format. Only available for POST, PUT, and PATCH requests.

      Output

      • Response
        • Status Code (number): status code returned by the Okta API
        • Headers (object): HTTP headers returned by the Okta API
        • Body (object): body of the response returned from Okta API
    • Deactivate User

      Deactivate a user in Okta. This operation cannot be performed on users with a DEPROVISIONED status. Deactivation of a user is an asynchronous operation that cannot be recovered.

      Options

      • Send Email? (drop-down): send a deactivation message to the administrator
        • Yes
        • No

      For more detail on these options, or additional info regarding deactivating users in Okta, reference this documentation.

      Input

      • User
        • ID or Login (string): ID or login of the Okta user. Login is in email address format.

      Output

      • Response
        • Status Code (number): status code returned by the API:
          • 200: Successful deactivation
          • 404: Invalid ID–either the ID is incorrect or that user has already been deactivated
    • Delete User

      Delete a deactivated Okta user by ID. If you use this action on an Okta user who is active, the user will be deactivated. A second Delete User action is required.

      Input

      • User
        • ID (text): ID of the Okta user
        • Send Email? (boolean): send a deactivation email to the administrator if true

      Output

      • Status Code (number): status code returned by the API:
        • 204: Successful deactivation/deletion
        • 404: Invalid ID–either the ID is incorrect or that user has already been deleted
    • Find Users

      Search for Okta users with a query. The query performs a starts with match against First Name, Last Name, or Email. You have the option to display the first matching record only or all matching records in a list (up to 200). For more information, review the Okta documentation here.

      Unless otherwise indicated, field types are text.

      Options

      • Option (drop-down list)
        • First Matching Record: returns a single record
        • All Matching Records: returns all matching records, in list format

      Input

      • Query: query string used to find records by first name, last name, or email address (for example, to search for Bob Ross, Bob, Ross, bob.ross@okta.com are all valid query terms)

      Output

      • Result
        • First Matching Record:
          • Raw Body (object): raw payload returned from the Okta API
          • ID: ID of the user created in Okta
          • Status: current status of the user: STAGED, PROVISIONED, ACTIVE, RECOVERY, LOCKED_OUT, PASSWORD_EXPIRED, SUSPENDED, or DEPROVISIONED
          • Created (date): timestamp when the user was created
          • Activated (boolean): timestamp when transition to ACTIVE status completed
          • Status Changed (date): date of the last user status change
          • Last Login (date): timestamp of the user’s last login date
          • Last Updated (date): timestamp of the user’s last update
          • Password Changed (date): timestamp of the user’s last password change
          • First Name: user’s first name
          • Last Name: user’s last name or family name
          • Mobile Phone: user’s mobile phone number
          • Second Email: secondary email address of user (typically used for account recovery)
          • Login: login username of the user (usually in the form of an email address)
          • Email: user’s primary email address
        • All Matching Records:
          • Users (list of objects): all matching users with payload similar to above, in list format
    • Get Assigned User for Application

      Retrieve a specific user assignment for an application by ID.

      Unless otherwise indicated, field types are text.

      Required fields are indicated in red.

      The input and output fields in this card are dynamically generated based on your instance.

      Options

      • Application (dropdown): Choose an app for which you want to get the user assignment. Choose Enter Application ID to select an app by its ID.

      Note: The dropdown only displays 1000 apps and 2000 app instances.

      Input

      • User
        • User ID (text): Unique identification of the user.

      Output

      Profile Properties

      • Formatted (text):
      • Name (text): User’s full name.
      • Nickname (text): User’s nickname.
      • Given Name (text): User’s first name.
      • Middle Name (text): User’s middle name.
      • Family Name (text): User’s last name or family name.
      • Email (text): User’s primary email.
      • Profile Url (text): URL of the user’s online profile or a web page.
      • Picture Url (text): URL of the user’s online picture.
      • Website (text): URL of the user’s website.
      • Gender (text): User’s gender.
      • Birthdate (text): User’s birthdate.
      • Time Zone (text): User’s time zone.
      • Locale Name (text): User’s default location for purposes of localizing items like currency, date/time format, and numerical representations.
      • Phone Number (text): User’s primary phone number.
      • Street Address (text): Full street address component of user’s address.
      • Locality (text): Locality component of the user’s address.
      • Region (text): Region component of the user’s address.
      • Postal Code (text): Zip code or postal code component of user’s address.
      • Country (text): Country component of the user’s address.

      System Properties

      • User ID (text): Unique identification of the user.
      • External ID (text): External identification of the user.
      • Created (text): Timestamp when the user was created.
      • Last Updated (text): Timestamp when the user was last updated.
      • Scope (text): Scope of the user.
      • Status (text): Current status of the user.
      • Status Changed (text): Timestamp when the user’s status was changed.
      • Password Changed (text): Timestamp when the user’s password was changed.
      • Sync State (text): Current sync state of the user.
      • Last Sync (text): Timestamp when the last sync happened.
      • Credentials
        • Username (text): Username of the user.
        • Password (text): Password of the user.
    • Get Users Groups

      Retrieve an Okta user’s current group memberships.

      Unless otherwise indicated, field types are text.

      Input

      • User
        • ID: ID of the Okta user

      Output

      • Groups (list of objects)
        • ID: ID of the Okta group
        • Name: name of the group
        • Description: description of the group
        • Created: timestamp when the group was created
        • Last Updated: timestamp when the group was last updated
        • Last Membership Updated: timestamp when the group’s memberships were last updated
    • List Group Members

      List the members of an Okta group.

      Input

      • Group
        • ID (text): ID of the Okta group.

      Output

      • Result
        • Users (list): Okta users in the group.
    • List Users Assigned to an App

      List all assigned users for an app.

      Required fields are indicated in red.

      The output fields in this card are dynamically generated based on your instance.

      Options

      • Application (dropdown): Choose an app from which you want to remove the user. Choose Enter Application ID to select an app by its ID.

      Note: The dropdown only displays 1000 apps and 2000 app instances.

      Output

      Result

      • Users
        • Profile Properties
        • Formatted (text):
        • Name (text): User’s full name.
        • Nickname (text): User’s nickname.
        • Given Name (text): User’s first name.
        • Middle Name (text): User’s middle name.
        • Family Name (text): User’s last name or family name.
        • Email (text): User’s primary email.
        • Profile Url (text): URL of the user’s online profile or a web page.
        • Picture Url (text): URL of the user’s online picture.
        • Website (text): URL of the user’s website.
        • Gender (text): User’s gender.
        • Birthdate (text): User’s birthdate.
        • Time Zone (text): User’s time zone.
        • Locale Name (text): User’s default location for purposes of localizing items like currency, date/time format, and numerical representations.
        • Phone Number (text): User’s primary phone number.
        • Street Address (text): Full street address component of user’s address.
        • Locality (text): Locality component of the user’s address.
        • Region (text): Region component of the user’s address.
        • Postal Code (text): Zip code or postal code component of user’s address.
        • Country (text): Country component of the user’s address.
        • System Properties
        • User ID (text): Unique identification of the user.
        • External ID (text): External identification of the user.
        • Created (text): Timestamp when the user was created.
        • Last Updated (text): Timestamp when the user was last updated.
        • Scope (text): Scope of the user.
        • Status (text): Current status of the user.
        • Status Changed (text): Timestamp when the user’s status was changed.
        • Password Changed (text): Timestamp when the user’s password was changed.
        • Sync State (text): Current sync state of the user.
        • Last Sync (text): Timestamp when the last sync happened.
        • Credentials
          • Username (text): Username of the user.
          • Password (text): Password of the user.
    • List Users With Filter

      List users in Okta based on the filter provided.

      Required fields are indicated in red.

      The input and output fields in this card are dynamically generated based on your instance.

      Options

      • Result Set (dropdown): Choose from First matching record and All matching records.

      Input

      • Status (dropdown): Status of the Okta user - STAGED, PROVISIONED, ACTIVE, RECOVERY, LOCKED_OUT, PASSWORD_EXPIRED, SUSPENDED, or DEPROVISIONED.
      • Last Updated (text): Timestamp when the user was last updated.
      • ID (text): Unique identifier of the user.
      • Login (text): Login username of the user (usually in the form of an email address).
      • Email (text): User’s primary email address.
      • First Name (text): User’s first name.
      • Last Name (text): User’s last name or family name.
      • Custom Filter (text): Any custom filter you want to add.

      Output

      Result

      • Raw Output (object): Raw output returned by the Okta API.
      • ID (text): Unique identifier of the user.
      • Status (text): Current status of the user.
      • Created (text): Timestamp when the user was created.
      • Activated (text): Timestamp when the user was activated.
      • Status Changed (text): Timestamp when the user’s status was changed.
      • Last Login (text): Timestamp when the user last logged in.
      • Last Updated (text): Timestamp when the user was last updated.
      • Password Changed (text): Timestamp when the user’s password was changed.
      • First Name (text): User’s first name.
      • Last Name (text): User’s last name or family name.
      • Mobile Phone (text): User’s mobile phone number.
      • Second Email (text): User’s secondary email.
      • Login (text): Login username of the user (usually in the form of an email address).
      • Email (text): User’s primary email address.
    • List Users with Search

      Search for users based on the properties specified in the search parameter.

      Unless otherwise indicated, field types are text.

      Required fields are indicated in red.

      The input and output fields in this card are dynamically generated based on your instance.

      Options

      • Result Set (dropdown): Choose from First matching record and All matching records.

      Input

      • Status (dropdown): Status of the Okta user - STAGED, PROVISIONED, ACTIVE, RECOVERY, LOCKED_OUT, PASSWORD_EXPIRED, SUSPENDED, or DEPROVISIONED.
      • Created (text): Timestamp when the user was created.
      • Activated (text): Timestamp when the user was activated.
      • Status Changed (text): Timestamp when the user’s status was changed.
      • Last Updated (text): Timestamp when the user was last updated.
      • ID (text): Unique identifier of the user.
      • Username (text): Username of the user.
      • First Name (text): User’s first name.
      • Last Name (text): User’s last name or family name.
      • Middle Name (text): User’s middle name.
      • Honorific Prefix (text): User’s honorific prefix(es) or title in most Western languages.
      • Honorific Suffix (text): User’s honorific suffix(es).
      • Primary Email (text): User’s primary email address.
      • Title (text): User’s title.
      • Display Name (text): User’s display name.
      • Nickname (text): User’s nickname.
      • Profile Url (text): URL of the user’s online profile or a web page.
      • Secondary Email (text): User’s secondary email.
      • Mobile Phone (text): User’s mobile phone number.
      • Primary Phone (text): User’s primary phone number.
      • Street Address (text): Full street address component of user’s address
      • City (text): City or locality component of user’s address
      • State (text): State or region component of user’s address
      • Zip Code (text): Zip code or postal code component of user’s address
      • Country Code (text): Country abbreviation
      • Postal Address (text): Mailing address component of user’s address
      • Preferred Language (text): User’s preferred written or spoken languages
      • Locale (text): User’s default location for purposes of localizing items like currency, date/time format, and numerical representations
      • Time Zone (text): User’s time zone
      • User Type (text): User’s relationship to the organization, such as Employee or Contractor
      • Employee Number (text): User’s organizatio- or company-assigned unique identifier
      • Cost Center (text): Name of a cost center assigned with the user
      • Organization (text): Name of the user’s organization
      • Division (text): Name of the user’s division
      • Department (text): Name of user’s department
      • ManagerId (text): ID of the user’s manager
      • Manager (text): Display name of the user’s manager
      • NA (dropdown): Choose from the options available.
      • Custom Search Criteria (text): Any custom search criteria you want to add.
      • Sort
        • Sort by (dropdown): Choose from the options available.
        • Sort Order (dropdown): Choose from ASC or DESC.

      Output

      Result

      • Users (list)
        • Raw Output (object): Raw output returned by the Okta API.
        • ID (text): Unique identifier of the user.
        • Status (text): Current status of the user.
        • Created (text): Timestamp when the user was created.
        • Activated (text): Timestamp when the user was activated.
        • Status Changed (text): Timestamp when the user’s status was changed.
        • Last Login (text): Timestamp when the user last logged in.
        • Last Updated (text): Timestamp when the user was last updated.
        • Password Changed (text): Timestamp when the user’s password was changed.
        • First Name (text): User’s first name.
        • Last Name (text): User’s last name or family name.
        • Mobile Phone (text): User’s mobile phone number.
        • Second Email (text): User’s secondary email.
        • Login (text): Login username of the user (usually in the form of an email address).
        • Email (text): User’s primary email address.
    • Read Group

      Read an Okta group’s information by ID.

      Unless otherwise indicated, field types are text.

      Input

      • Group
        • ID: ID of the Okta group

      Output

      • Properties
        • ID: ID of the Okta group
        • Created: timestamp when the group was created
        • Last Updated: timestamp when the group was last updated
        • Last Membership Updated: timestamp when the group’s memberships were last updated
        • Object Class (list of text): determiner of the group’s profile
        • Type: how the group’s profile and memberships are managed: OKTA_GROUP, APP_GROUP, or BUILT_IN
        • Profile (object)
          • Name: name of the group
          • Description: description of the group
    • Read User

      Read an Okta user’s system information and profile properties by ID or username. Custom added fields are included in the profile properties.

      NOTE: This action will not read information about application users (you will receive a 404 error if the user type is invalid or incorrect). If you need details about an application user, use the ‘Custom API Action’ card, and visit the Okta API Documentation for reading assigned users for an application.

      Unless otherwise indicated, field types are text.

      Input

      • User
        • ID or Login: ID or login username of the Okta user (usually in an email format)

      Output

      • System Properties
        • ID: ID of the Okta user
        • Status: current status of the user: STAGED, PROVISIONED, ACTIVE, RECOVERY, LOCKED_OUT, PASSWORD_EXPIRED, SUSPENDED, or DEPROVISIONED
        • Created (date): timestamp when the user was created
        • Activated (boolean): timestamp when transition to ACTIVE status completed
        • Status Changed (date): date of the user’s last status change
        • Last Login (date): timestamp of the user’s last login date
        • Last Updated (date): timestamp of the user’s last update
        • Password Changed (boolean): timestamp of the user’s last password change
        • Credentials (list)
          • Emails (list): list of emails associated with the user
          • Password (boolean): true if the user has a valid password or imported hashed password, false otherwise
          • Recovery Question (text): recovery question when a user forgets their password
          • Provider (object)
            • Name (text): name of the authentication provider
            • Type (text): type of authentication provider: OKTA, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL or IMPORT
      • Profile Properties
        • City: city or locality component of user’s address
        • Cost center: name of a cost center assigned with the user
        • Country code: country abbreviation
        • Department: name of user’s department
        • Display name: name of the user, suitable for display to end users
        • Division: name of the user’s division
        • Primary email: user’s primary email address
        • Employee number: user’s organizatio- or company-assigned unique identifier
        • First name: user’s first name
        • Honorific prefix: user’s honorific prefix(es) or title in most Western languages
        • Honorific suffix: user’s honorific suffix(es)
        • Last name: user’s last name or family name
        • Locale: user’s default location for purposes of localizing items like currency, date/time format, and numerical representations
        • Username: login username of the user, usually in the form of an email address
        • Manager: display name of the user’s manager
        • ManagerId: ID of the user’s manager
        • Middle name: user’s middle name
        • Mobile phone: user’s mobile phone number
        • Nickname: user’s preferred nickname, if applicable
        • Organization: name of the user’s organization
        • Postal Address: mailing address component of user’s address
        • Preferred language: user’s preferred written or spoken languages
        • Primary phone: primary phone number of user such as home number
        • Profile Url: URL of user’s online profile (a web page)
        • Secondary email: secondary email address of user (typically used for account recovery)
        • State: state or region component of user’s address
        • Street address: full street address component of user’s address
        • Time zone: user’s time zone
        • Title: user’s title, such as Vice President
        • User type: user’s relationship to the organization, such as Employee or Contractor
        • Zip code: zip code or postal code component of user’s address
        • Custom Profile Properties (dynamically generated): additional custom user profile properties that are generated when configuring this card
    • Remove User from an App

      Remove a user from an app.

      Required fields are indicated in red.

      The input and output fields in this card are dynamically generated based on your instance.

      Options

      • Application (dropdown): Choose an app from which you want to remove the user. Choose Enter Application ID to select an app by its ID.

      Note: The dropdown only displays 1000 apps and 2000 app instances.

      Input

      Application

      • App ID (text): Unique identifier of the app. This field only appears if you select Enter Application ID in the Options section.

      User

      • User ID (text): Unique identification of the user.
      • Send Email? (true/false): If true, a removal email is sent to the admin.

      Output

      Result

      • Status (number): Status returned by the Okta API. Here is a list of all status codes.
    • Remove User from Group

      Remove an Okta user from a group.

      Unless otherwise indicated, field types are text.

      Input

      • Group
        • ID: ID of the Okta group
      • User
        • ID: ID of the Okta user

      Output

      • Result
        • Status (number): status code returned by the API:
          • 204: Successful removal
          • 404: Invalid ID–either the ID is incorrect or that user has already been removed
    • Search Groups

      Search groups with a query. The query performs a starts with match against groups’ name value. You have the option to display the first matching record only or all matching records in a list (up to 300). For more information, review the Okta documentation here.

      Unless otherwise indicated, field types are text.

      Options

      • Option (drop-down list)
        • First Matching Record: returns a single record
        • All Matching Records: returns all matching records, in list format

      Input

      • Query: query string used to find groups by name (for example, to search for groups related to sales, enter a query value of sales)

      Output

      • Result
        • First Matching Record:
          • Raw Body (object): raw payload returned from the Okta API
          • ID: ID of the group in Okta
          • Created (date): timestamp when the group was created
          • Last Updated (date): timestamp of the last group update
          • Last Membership Updated: timestamp of the last update to group’s memberships
          • Object Class (list of text): determiner of the group’s profile
          • Type: how the group’s profile and memberships are managed: OKTA_GROUP, APP_GROUP, or BUILT_IN
          • Profile (object)
            • Name: name of the group
            • Description: description of the group
        • All Matching Records:
          • Groups (list of objects): all matching groups with payload similar to above, in list format
    • Suspend User

      Suspend an Okta user by ID or username.

      Required fields are indicated by a red asterisk on the Action Card.

      Input

      • User
        • ID or Login (text): ID or login username of the Okta user (usually in an email format)

      Output

      • Response
        • Status Code (number): success or failure of your HTTP request. Here is a list of all status codes.
    • Unsuspend User

      Unsuspend an Okta user by ID or username.

      Required fields are indicated by a red asterisk on the Action Card.

      Input

      • User
        • ID or Login (text): ID or login username of the Okta user (usually in an email format)

      Output

      • Response
        • Status Code (number): success or failure of your HTTP request. Here is a list of all status codes.
    • Update App Credentials for an Assigned User

      Update an app-user’s credentials.

      Required fields are indicated in red.

      The input and output fields in this card are dynamically generated based on your instance.

      Options

      • Application (dropdown): Choose an app from which you want to remove the user. Choose Enter Application ID to select an app by its ID.

      Note: The dropdown only displays 1000 apps and 2000 app instances.

      Input

      Application

      • App ID (text): Unique identifier of the app. This field only appears if you select Enter Application ID in the Options section.

      User

      • User ID (text): Unique identification of the user.

      Credentials

      • Username (text): Username of the user.
      • Password (text): Password of the user.

      Output

      Profile Properties

      • Formatted (text):
      • Name (text): User’s full name.
      • Nickname (text): User’s nickname.
      • Given Name (text): User’s first name.
      • Middle Name (text): User’s middle name.
      • Family Name (text): User’s last name or family name.
      • Email (text): User’s primary email.
      • Profile Url (text): URL of the user’s online profile or a web page.
      • Picture Url (text): URL of the user’s online picture.
      • Website (text): URL of the user’s website.
      • Gender (text): User’s gender.
      • Birthdate (text): User’s birthdate.
      • Time Zone (text): User’s time zone.
      • Locale Name (text): User’s default location for purposes of localizing items like currency, date/time format, and numerical representations.
      • Phone Number (text): User’s primary phone number.
      • Street Address (text): Full street address component of user’s address.
      • Locality (text): Locality component of the user’s address.
      • Region (text): Region component of the user’s address.
      • Postal Code (text): Zip code or postal code component of user’s address.
      • Country (text): Country component of the user’s address.

      System Properties

      • User ID (text): Unique identifier of the user.
      • External ID (text): External identifier of the user.
      • Created (text): Timestamp when the user was created.
      • Last Updated (text): Timestamp when the user was last updated.
      • Scope (text): Scope of the user.
      • Status (text): Current status of the Okta user.
      • Status Changed (text): Timestamp when the user’s status was changed.
      • Password Changed (text): Timestamp when the user’s password was last changed.
      • Sync State (text): Sync state of the user.
      • Last Sync (text): Timestamp when the user was last synced.
      • Credentials
        • Username (text): Username of the user.
        • Password (text): Password of the user.
    • Update App Profile for an Assigned User

      Update an app-user’s profile.

      Required fields are indicated in red.

      The input and output fields in this card are dynamically generated based on your instance.

      Options

      • Application (dropdown): Choose an app from which you want to remove the user. Choose Enter Application ID to select an app by its ID.

      Note: The dropdown only displays 1000 apps and 2000 app instances.

      Input

      Application

      • App ID (text): Unique identifier of the app. This field only appears if you select Enter Application ID in the Options section.

      User

      • User ID (text): Unique identification of the user.

      Credentials

      • Username (text): Username of the user.
      • Password (text): Password of the user.

      Profile Properties

      • Formatted (text):
      • Name (text): User’s full name.
      • Nickname (text): User’s nickname.
      • Given Name (text): User’s first name.
      • Middle Name (text): User’s middle name.
      • Family Name (text): User’s last name or family name.
      • Email (text): User’s primary email.
      • Profile Url (text): URL of the user’s online profile or a web page.
      • Picture Url (text): URL of the user’s online picture.
      • Website (text): URL of the user’s website.
      • Gender (text): User’s gender.
      • Birthdate (text): User’s birthdate.
      • Time Zone (text): User’s time zone.
      • Locale Name (text): User’s default location for purposes of localizing items like currency, date/time format, and numerical representations.
      • Phone Number (text): User’s primary phone number.
      • Street Address (text): Full street address component of user’s address.
      • Locality (text): Locality component of the user’s address.
      • Region (text): Region component of the user’s address.
      • Postal Code (text): Zip code or postal code component of user’s address.
      • Country (text): Country component of the user’s address.

      Output

      Profile Properties

      • Formatted (text):
      • Name (text): User’s full name.
      • Nickname (text): User’s nickname.
      • Given Name (text): User’s first name.
      • Middle Name (text): User’s middle name.
      • Family Name (text): User’s last name or family name.
      • Email (text): User’s primary email.
      • Profile Url (text): URL of the user’s online profile or a web page.
      • Picture Url (text): URL of the user’s online picture.
      • Website (text): URL of the user’s website.
      • Gender (text): User’s gender.
      • Birthdate (text): User’s birthdate.
      • Time Zone (text): User’s time zone.
      • Locale Name (text): User’s default location for purposes of localizing items like currency, date/time format, and numerical representations.
      • Phone Number (text): User’s primary phone number.
      • Street Address (text): Full street address component of user’s address.
      • Locality (text): Locality component of the user’s address.
      • Region (text): Region component of the user’s address.
      • Postal Code (text): Zip code or postal code component of user’s address.
      • Country (text): Country component of the user’s address.

      System Properties

      • User ID (text): Unique identifier of the user.
      • External ID (text): External identifier of the user.
      • Created (text): Timestamp when the user was created.
      • Last Updated (text): Timestamp when the user was last updated.
      • Scope (text): Scope of the user.
      • Status (text): Current status of the user.
      • Status Changed (text): Timestamp when the user’s status was changed.
      • Password Changed (text): Timestamp when the user’s password was last changed.
      • Sync State (text): Sync state of the user.
      • Last Sync (text): Timestamp when the user was last synced.
      • Credentials
        • Username (text): Username of the user.
        • Password (text): Password of the user.
    • Update User

      Update an Okta user’s system information and profile properties by ID or username.

      NOTE: This action will not update information about application users (you will receive a 404 error if the user type is invalid or incorrect). If you need to update an application user, use the ‘Custom API Action’ card, and visit the Okta API Documentation for updating application users.

      Unless otherwise indicated, field types are text.

      Options

      • Update Semantics (drop-down list)
        • Partial: Updates a user’s profile or credentials with partial update semantics. Any properties that are not specified are ignored, and will maintain their current value.
        • Strict: Updates a user’s profile and/or credentials using strict-update semantics. IMPORTANT: All profile properties must be specified when updating a user’s profile. Any property not specified in the request is set to null.

      Input

      • User
        • ID: ID of the Okta user (usually in an email format)
      • Profile

        • City: city or locality component of user’s address
        • Cost center: name of a cost center assigned with the user
        • Country code: country abbreviation
        • Department: name of user’s department
        • Display name: name of the user, suitable for display to end users
        • Division: name of the user’s division
        • Primary email: user’s primary email address
        • Employee number: user’s organization- or company-assigned unique identifier
        • First name: user’s first name
        • Honorific prefix: user’s honorific prefix(es) or title in most Western languages
        • Honorific suffix: user’s honorific suffix(es)
        • Last name: user’s last name or family name
        • Locale: user’s default location for purposes of localizing items like currency, date/time format, and numerical representations
        • Username: login username of the user, usually in the form of an email address
        • Manager: display name of the user’s manager
        • ManagerId: ID of the user’s manager
        • Middle name: user’s middle name
        • Mobile phone: user’s mobile phone number
        • Nickname: user’s preferred nickname, if applicable
        • Organization: name of the user’s organization
        • Postal Address: mailing address component of user’s address
        • Preferred language: user’s preferred written or spoken languages
        • Primary phone: primary phone number of user such as home number
        • Profile Url: URL of user’s online profile (a web page)
        • Secondary email: secondary email address of user (typically used for account recovery)
        • State: state or region component of user’s address
        • Street address: full street address component of user’s address
        • Time zone: user’s time zone
        • Title: user’s title, such as Vice President
        • User type: user’s relationship to the organization, such as Employee or Contractor
        • Zip code: zip code or postal code component of user’s address
        • Custom Profile Properties (dynamically generated): additional custom user profile properties that are generated when configuring this card
      • Credentials

        • Password: string value for the user’s new password
        • Recovery Question: question to enable password recovery for the user
        • Recovery Answer: answer to password recovery question

      Output

      • System Properties
        • ID: ID of the Okta user
        • Status: current status of the user: STAGED, PROVISIONED, ACTIVE, RECOVERY, LOCKED_OUT, PASSWORD_EXPIRED, SUSPENDED, or DEPROVISIONED
        • Created (date): timestamp when the user was created
        • Activated (boolean): timestamp when transition to ACTIVE status completed
        • Status Changed (date): date of the user’s last status change
        • Last Login (date): timestamp of the uer’s last login date
        • Last Updated (date): timestamp of the user’s last update
        • Password Changed (boolean): timestamp of the user’s last password change
        • Credentials (list)
          • Emails (list): list of emails associated with the user
          • Password (boolean): true if the user has a valid password or imported hashed password, false otherwise
          • Recovery Question: recovery question when a user forgets their password
          • Provider (object)
            • Name: name of the authentication provider
            • Type: type of authentication provider: OKTA, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL or IMPORT
      • Profile Properties
        • City: city or locality component of user’s address
        • Cost center: name of a cost center assigned with the user
        • Country code: country abbreviation
        • Department: name of user’s department
        • Display name: name of the user, suitable for display to end users
        • Division: name of the user’s division
        • Primary email: user’s primary email address
        • Employee number: user’s organization- or company-assigned unique identifier
        • First name: user’s first name
        • Honorific prefix: user’s honorific prefix(es) or title in most Western languages
        • Honorific suffix: user’s honorific suffix(es)
        • Last name: user’s last name or family name
        • Locale: user’s default location for purposes of localizing items like currency, date/time format, and numerical representations
        • Username: login username of the user, usually in the form of an email address
        • Manager: display name of the user’s manager
        • ManagerId: ID of the user’s manager
        • Middle name: user’s middle name
        • Mobile phone: user’s mobile phone number
        • Nickname: user’s preferred nickname, if applicable
        • Organization: name of the user’s organization
        • Postal Address: mailing address component of user’s address
        • Preferred language: user’s preferred written or spoken languages
        • Primary phone: primary phone number of user such as home number
        • Profile Url: URL of user’s online profile (a web page)
        • Secondary email: secondary email address of user (typically used for account recovery)
        • State: state or region component of user’s address
        • Street address: full street address component of user’s address
        • Time zone: user’s time zone
        • Title: user’s title, such as Vice President
        • User type: user’s relationship to the organization, such as Employee or Contractor
        • Zip code: zip code or postal code component of user’s address
        • Custom Profile Properties (dynamically generated): additional custom user profile properties that are generated when configuring this card