Overview

This guide teaches how to set up an Okta inline hook using an Okta Workflows flow.

Solution

Inline hooks with Workflows

Inline hooks

Inline hooks are outbound calls from Okta to your own custom code, triggered at specific points in Okta process flows. They allow you to integrate custom functionality into those flows.

Okta supports the following inline hooks: 

• Registration: customizes the handling of user registration requests in Self-Service Registration.
• SAML: customizes SAML assertions returned by Okta.
• Token: customizes tokens returned by the Okta API Access Management.
• Password Import: verifies a user-supplied password to support migration of users to Okta.
• User Import: customizes how new users imported from an application are handled in Okta.
• Telephony: use a telephony service provider to send SMS text messages or voice calls. See Configure a telephony provider through an inline hook.

This guide focuses on the Registration inline hook.

Inline hooks are synchronous. When Okta triggers an inline hook, the process pauses and waits for your custom logic (the API endpoint) to send a response before continuing.

Event hooks are asynchronous. These are “fire-and-forget” triggers that run after an event occurs. Unlike inline hooks, the process that triggered the event does not wait for the event hook to finish processing.

Registration - inline hook

The registration inline hook enables modifications to user profile attributes during registration, allowing changes such as setting the userType to Contractor via a commands array.

{
  "commands": [
    {
      "type": "com.okta.user.profile.update",
      "value": {
        "userType": "Contractor"
      }
    }
 ]
}

The next section shows a Workflows flow that returns such JSON.

Workflows flow

The flow to process the registration inline hook is below:

 
Registration inline hook flow. 

How the flow works

1. The API Endpoint event card allows an inline hook to invoke this flow via an API.
2. The Branching-If/Else function card checks the email address:
   • If the email has the atko.email domain, the user is a contractor. The Compose function card generates a commands JSON to set the user type to Contractor (atko.email is used as an example domain).
   • If the domain is different, an empty commands object is sent.
3. The JSON-Parse function card converts JSON text to an object.
4. The API Connector-Close card sends the response to the inline hook.

The following image shows the comparison logic inside the Branching-If/Else function card:

 
If/Else comparison logic.

Inline hook setup

Head to Workflow > Inline Hooks in the Okta Admin Console to register an inline hook. The URL field points to a Workflows flow API.

 
Register an inline hook.

Learn more about how to set up inline hooks.

Enable self-service registration

To allow users to self-register:

1. In the Okta Admin Console, go to Security > User Profile Policies.
2. Click the pencil icon to edit the Default Policy. 
3. Click Edit. 
4. Check Allowed for Self-service registration.
5. Click Save. 

When you enter your Okta org URL into a browser, you will see a Sign Up link at the bottom of the registration form.

 
Self-service registration form.

When a user registers with a matching email domain (atko.email), their user type will be set to Contractor via the Workflows flow inline hook.

 
Contractor user type.

Related References

• Understanding Okta Workflows Events
• Okta Workflows Tutorial: Notify When a User is Added to a Group (with Event Hook filtering)