OKTA Workflows : the best is yet to come

In my previous article, I gave you a brief introduction to Okta workflows, in order to arouse your curiosity as to the potential of this tool. On the face of it, if you’re here, that’s the case (if you’ve seen the light and gone in, that’s good too!).

Today, I’m going to take the presentation of workflows a step further, and tell you about the many features I haven’t mentioned before. The subject will be function cards, and the possibilities they offer in addition to application cards.

Say again, what are cards in Okta workflows ?

No need to worry, nothing in common with Windows’ FreeCell (I used to like it)…

The cards in the applications section enable you to chain actions involving either an Okta tenant or a third-party application, by means of a connection (existing or custom connector), if you remember. Here are a few examples: adding an Okta user to a group, assigning an application to him/her, sending an e-mail via Gmail, creating a query in Jira, etc.

Applications cards (actions in Okta to be precise)

Still with me ? Ok, now, let’s talk about functions cards !

Functions cards

Function cards offer a wide range of operations, divided into four sections: logic, manipulation, elements and advanced.

The menu is provided, and these are just the sub-sections.

Logic functions

They can be used for branching, error handling and to influence the execution of a flow. A simple branching example is that you can use conditions to determine the sequence of actions to be executed: if the defined value can be found in such and such data, then the workflow will continue with a sequence of actions, leaving aside the other branches. Or decide that the workflow will only continue to act if a condition is met.

Comparison of a user ID with an expected value: no match, workflow did not go any further.

Unsurprisingly, the error functions relate to error management, so I won’t go into detail here. The flow control functions, on the other hand, are designed to manage workflow execution, allowing you to pause it, call another workflow to retrieve data (synchronously or asynchronously), or terminate the flow and return data.

Pause for thirty seconds before making an API call to a 1Password SCIM Bridge to ensure that previous operations have been carried out.

Do you have different use cases depending on certain user attributes or permissions? That’s where branching and conditions come in. All in all, there are a large number of comparison functions, similar to those used in conventional development..

Comparison operators

Manipulation functions

These are all the functions that enable you to process data in an initial state, to transform it, reduce it, extend it, change its format… I could spend a day describing all the possibilities, so numerous are they. There’s Boolean, datetime, number, text, object, list (array) and even file manipulation.

Let’s take a concrete example. Following an API call, you retrieve an array of users who belong to a group. You need to retrieve all the user Id’s, and then put them in an array on which you’ll run another workflow that will modify an attribute of the user’s profile.

How can I retrieve all userId from the result of List Group Members?

The solution is provided by a function card, with the “Pluck” function, which creates a new array from the result, but using only a specific value. Here, we’ll choose the Users array, for which we’ll request the key ID, and that’s it.

And we finish with a For Each that will call up a second profile update flow, based on each item in the “values” array, which is the result of the “Pluck” card. It’s not rocket science, is it?

But how is the second workflow launched? Well, it’s a “helper flow”: it’s called by the first workflow, and when it’s called, we pass it the data it needs in the execution context.

The userId is passed to the context in the “Helper Flow” card, which executes this workflow as soon as the first one calls it.

Second concrete example, less long (I promise!): you want to make an API call to Google, but you need to pass a JSON object in the request body that depends on the composition of a received Id Token. You retrieve the token, decode it since it’s a JWT with the “Decode” card, and then you can build a JSON object body from the values you want, which you’ll then send in an API call.

Here, we’re building a body that will be exchanged for an access from Google’s Security Token Service API.

Element functions

They can be used to export flows and workflow folders as JSON files, or to create and manipulate csv tables. I don’t think it’s necessary to illustrate these functions with an example; they speak for themselves.

Advanced functions

They mainly concern format management: URL, JSON, JWT, XML, encryption. You’ll also find here cards for making API calls that don’t require an existing third-party connector. Note that the “Raw Request” card gives you total freedom of control over an API call: you define the headers, method, content, destination url, and a query if required.

Workflows readibility

You can visualize the overall flow by clicking on “flow chart”, which shows you a diagram of the execution.

The flow of the previous example

In terms of the big picture, the existing flows overview also shows you the types of card used.

For 1st flow: API endpoint, JWT, object and branching

More recently, Okta has added new features to facilitate workflow management.

But, wait ! There’s more to it !

Okta Workflows also provides you with templates! Because certain use cases are clearly common to many customers, they’ve provided you with examples of workflows.

You want more info, watch a demo ?

Here it is !


Workflows, as you’ll have gathered, have incredible potential in that they provide you with a range of actions and functions that enable you to automate, maintain and modify a sequence of actions at will, through a low-code interface.

While managing API calling cards requires some knowledge and skills on the subject, it’s logic that you’ll need to implement your workflows.

As a reminder, if you take out an Okta Workforce Identity Cloud offer, you’ll always have five workflows at your disposal, free of charge.

Point Base is an Okta partner company, our services:

  • Consulting
  • Training
  • Implementation
  • Software development

We now also work with Perimeter 81

Don’t hesitate to follow Point Base’s LinkedIn page.

Do you have any questions? Contact us, we’ll be delighted to answer them.

Leave a Reply