In the Okta Workflows console, when attempting to turn on a workflow that is configured to use an event card that creates a webhook, like the Okta connector event cards, a toast message or an error may occur.
Cannot activate Flow. Webhook registration failed."
Failed to activate webhook
- Okta Workflows
- Connector Event cards
This can occur for the Okta connector event cards when:
- This Okta connection is no longer authorized.
- The user who authorized the Okta connection does not have the Super Administrator role.
- The Okta connection was not authorized with the
okta.eventHooks.readandokta.eventHooks.manage scopes.
For connectors to third-party systems, the user authorizing the connection may not have sufficient permissions to create a webhook in the third-party system.
- When turning on a flow triggered by an Okta connector event card, an event hook must be created in the Okta org. As documented in the Standard administrator roles and permissions - Hooks documentation, the Super Admin role is required to create and configure event hooks in Okta.
NOTE: Make sure the user who authorized the Okta connection has the Super Admin role. It is not necessary to reauthorize the Okta connection after assigning the Super Admin role.
- Make sure the Okta connection has been authorized with the
okta.eventHooks.readandokta.eventHooks.managescopes. The scopes can be granted on the Okta API Scopes tab of the Okta Workflows OAuth application. When reauthorizing the connection, select the Use default scopes option from the Permissions tab and theokta.eventHooks.readandokta.eventHooks.managescopes will be selected by default:
The Customize scopes (advanced) option on the Permissions tab provides more granular control over the scopes requested when authorizing the connection. See Okta Workflows Okta Connection(s) - Insufficient Scope for more details.
