<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Use Okta Identity Governance API in Okta Workflows
Jun 9, 2026
Identity Governance
Okta Classic Engine
Okta Identity Engine
Overview

The Okta Identity Governance APIs can be used within Okta Workflows by leveraging the Okta Identity Governance connector or the Okta connector. The desired governance scopes will need to be granted to the Okta Workflows OAuth application before (re)authorizing the Okta Identity Governance connector or the Okta connector


If the scopes are not granted, a 403 Forbidden error can occur when trying to reach an OIG API endpoint. The www-authenticate response header included in the error message indicates that the access token does not contain the required scopes, in this example, the okta.governance.accessRequests.read scope:

www-authenticate: Bearer authorization_uri="http://{subdomain}.okta.com/oauth2/v1/authorize""", realm="http://{subdomain}.okta.com", scope="okta.governance.accessRequests.read", error="insufficient_scope", error_description="The access token provided does not contain the required scopes.", resource="/governance/api/v1/requests/{requestId}"

 

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Okta Identity Governance (OIG)
  • Okta Workflows
  • Access Requests
  • Access Certifications
Solution

Grant the necessary governance scopes to the Okta Workflows OAuth application and create/(re)authorize the connection in Okta Workflows by following these steps:

  1. Navigate to the Admin Console as a Super Admin.
  2. Go to Applications > Applications and open the Okta Workflows OAuth application.
  3. Select the Scopes tab, locate the scopes needed for the API endpoints, and click Grant.
  4. Authorize or reauthorize the connection in Okta Workflows Console.
  5. Utilize the Okta Identity Governance APIs through the Okta Identity Governance connector cards or an Okta Custom API Action.

Recommended content

Still looking for help?
Loading
Use Okta Identity Governance API in Okta Workflows