Okta Workflows 3rd Party Connection - Insufficient Scope
Jan 16, 2026
Workflows
Okta Classic Engine
Okta Identity Engine
Overview
As part of production release 2025.03.0, scope customization is available when creating/re-authenticating 3rd Party / Vendor connection(s). The connections are being phased in over time and are documented in the Workflows Release Notes.
Applies To
- Okta Workflows
- Vendor connections
- Insufficient scope
Cause
Custom scopes can now be specified for various connections at authentication time by clicking on the Permissions tab.
- When creating or reauthorizing a connection, go to the Permissions tab in the connection window.
- Select Use Default Scopes to use all of the predefined scopes.
- Select Customize scopes (advanced) to specify the desired scopes.
-
- If a vendor supports custom ADD scope with the application within their admin console, the additional scope(s) must be added within the vendor side application, and the custom scope(s) added within the Workflows connection.
- If a vendor does not support custom scope(s), this only allows removing scope functionality.
Solution
As part of creating or re-authenticating the connection, click on the new PERMISSIONS tab.
- To continue using the standard 3rd party managed scopes, click/ensure that Use default scopes is selected.
- To manage permissions directly in the connection, click/ensure Customize scopes (advanced) is selected and check/un-check scopes (or add as additional, if allowed).
