Delegated Workflows allow designated Okta Admins to run selected workflows from the Okta Admin Console without having access to the Workflows Console. Delegated workflows utilize Custom Admin Roles to allow specific users to execute selected Delegated flows.  This article provides step-by-step instructions for creating a delegated flow, creating a custom admin role, and executing the delegated flow.

• Okta Workflows
• Delegated Workflows
• Custom Admin Roles

A. Create a Delegated Flow

The first step is to create one or more delegated flows. Building a delegated flow is similar to building other types of flows, but the Delegated Flow event card triggers the flow.

1. In the Okta Workflows Console, create a new flow.
2. Click the Add event button and select the Delegated Flow event in the Okta Apps section.
3. Add the desired inputs that will be passed into the flow when it is run:

4. Build out the rest of the flow as any other type of workflow.

B. Create a Custom Admin Role

Custom Admin Roles and Resource Sets are used to define the users and/or groups that can view and run specific delegated flows. In the Okta Admin Dashboard, navigate to Security > Administrators:

1. Create a Role
   1. From the Roles tab, click the Create new role button.
   2. Give the role a name and description.
   3. In the Select permissions section, select the Workflow Run delegated flow permission.
   4. Click the Save role button.
2. Create a Resource Set
   1. From the Resources tab, click the Create new resource set button.
   2. Give the resource set a name and description.
   3. Click the + Add resource button and search for "Workflows".
   4. Click All flows to add all delegated flows to the resource set, or click Select flows to search for and add specific delegated flows to the resource set.
   5. Click the Save selection button.
   6. Click the Create button.
3. Create an Admin Assignment
   1. From the Overview or Admins tab, click the Add Administrator button.
   2. In the Select admin drop-down list, search for and select the desired user or group that will be given permission to run the delegated flows.
   3. From the Role drop-down list, select the role created in step 1 above.
   4. From the Resource set drop-down list, select the resource set created in Step 2 above.
   5. Click the Save Changes button to save the assignment.

NOTE: When adding permissions to the role, View delegated flow permissions only allow a user to view the flow inputs if the user does not have Run delegated flow permissions.  View permissions do not give the user access to the Workflows console to view the workflow execution history.

C. Run a Delegated Flow

1. Log in to the Okta Admin console as a user who has been given an admin assignment that allows them to run delegated flows. Navigate to Workflow > Delegated flows. Click the Run button to run the desired delegated flow. Note that the Run button will be disabled for flows that are not turned on:

2. If the flow has inputs, enter the input values and click the Run button to invoke the flow:

3. A toast message will be displayed in the lower right-hand corner of the browser, indicating the flow was invoked:

4. A second toast message will be displayed in the lower right-hand corner of the browser, indicating the status of the flow execution:

Related References

• Delegated flows
• Custom admin roles