501 and 403 Errors When Using the Add User to Group and Remove User from Group Cards in Workflows
May 7, 2025
Workflows
Okta Classic Engine
Okta Identity Engine
Overview
Attempting to add a user to a group using the Add User to Group card fails with the following error:
501 Not Implemented
"body": {
"errorCode": "E0000060",
"errorSummary": "Unsupported operation.",
"errorLink": "E0000060",
"errorId": "oaea2E4hyiNQEOxzDmZRLX64Q",
"errorCauses": []
},
"message": "501 Not Implemented",
"code": 501,
"description": "HTTP Request Error"
Attempting to remove a user from a group using the Remove User from Group card fails with the following error:
403 Forbidden
"body": {
"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "oaei0xmdliuScGuKnrvNvZihg",
"errorCauses": []
},
"message": "403 Forbidden",
"code": 403,
"description": "HTTP Request Error"
Applies To
- Okta Workflows
- Okta connector Add User to Group card
- Okta connector Remove User from Group card
Cause
Solution
- Use the Read Group card to retrieve the group Type attribute to verify the group in question is an Okta sourced group. The type will be returned as OKTA_GROUP for an Okta-sourced group, APP_GROUP for an app group like Google, Office 365, etc., or BUILT_IN for a built-in Okta group like Everyone.
- When using the Search Groups card to find groups, set the Type attribute input to OKTA_GROUP to filter the results to only Okta sourced groups:
