The Okta connector for Workflows does not have a built-in Event card for every Okta event that is event hook-eligible. For event hook-eligible events that do not have a corresponding Event card in Workflows, an API Endpoint flow can be triggered via an event hook configured in the Okta Admin dashboard.
The Okta Event Types Catalog contains a complete list of event types and includes tags indicating whether each event is event hook-eligible.
- Okta Workflows
- Okta connector Events
- API Endpoint workflows
- Event Hooks
Below are the steps for creating an API Endpoint workflow and configuring an Event Hook via the Okta Admin dashboard that will trigger the workflow.
Create an API Endpoint Flow
- In the Workflows console, navigate to the Flows tab and click + New Flow to create a new workflow.
- Click the Add event card then select API Endpoint under Okta apps.
- Choose the security level for the flow and click Close. It is recommended to start with Secure with client token while initially building and testing the flow. See the documentation for the steps to configure the Secure with OAuth 2.0 security level.
- Give the flow a name and click the Save button.
- On the API Endpoint event card, click the Endpoint settings icon, </>, to edit the settings.
- Copy the Invoke URL, as it will be needed to configure an Event Hook. Note that the flow must be saved to generate the complete Invoke URL. If the URL contains placeholders for <alias> and <client-token>, the flow has not been saved.
- Build out the rest of the workflow to address the intended use case. When the flow is invoked from the event hook, the payload passed into the flow will contain the event details and can be retrieved from the body field on the API Endpoint flow event card.
- The flow must be turned on before it will be triggered.
Create an Event Hook in the Okta Admin Console
- In the Okta Admin dashboard, navigate to Workflow > Event Hooks and click Create Event Hook.
- Paste the URL copied from the API Endpoint flow into the Endpoint URL field and fill in the Event Hook name field.
- In the Select Events section, search for and select the event(s) that will trigger the workflow.
- Click Create hook and Continue.
- Click through the rest of the steps and at the end click Verify. When the Endpoint URL is an API Endpoint flow it will be automatically verified.
- After successful verification, the Event Hook status will be set to Active.
Once the workflow is turned on, whenever the subscribed event(s) occur, the flow should trigger. The payload sent to the flow will contain the event details.
Secure with client token
When the API Endpoint flow is configured to use the Secure with client token security level, the client token is included in the clientToken query parameter in the URL:
https://orgname.workflows.oktapreview.com/api/flo/54490ab...f203774/invoke?clientToken=bc1b80...e1dfe2
RECOMMENDED: Remove the clientToken query parameter from the Endpoint URL to allow the client token to be sent in the HEADER object instead of the plain text query string:
https://orgname.workflows.oktapreview.com/api/flo/54490ab...f203774/invoke
Then configure the Customize request, Enhance security section of the event hook to send the token in the request headers. Set the Authentication field value to x-api-client-token and Authentication secret to the value of the clientToken.
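The following added example (not part of the original article or of Okta's own tooling) splits a copied Invoke URL into the token-free Endpoint URL and the Authentication secret, then builds, without sending, a test POST that carries the token in the x-api-client-token header. The host, flow ID, token, and event in it are constructed placeholders, and the {"data": {"events": [...]}} body shape is an assumption about the event hook payload.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request

TOKEN_HEADER = "x-api-client-token"  # header name given in the article

# Constructed placeholder, not a real org, flow ID, or token.
SAMPLE_INVOKE_URL = (
    "https://example-org.workflows.example.com/api/flo/FLOW_ID/invoke"
    "?clientToken=CONSTRUCTED_TOKEN"
)


def split_invoke_url(invoke_url):
    """Return (endpoint_url_without_token, client_token_or_None)."""
    parts = urlsplit(invoke_url)
    token = None
    kept = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "clientToken":
            token = value          # goes into the Authentication secret field
        else:
            kept.append((key, value))
    clean_url = urlunsplit(parts._replace(query=urlencode(kept)))
    return clean_url, token


def build_test_request(invoke_url, events):
    """Build (do not send) a POST that carries the token in a header."""
    clean_url, token = split_invoke_url(invoke_url)
    if not token:
        raise ValueError("no clientToken found; copy the URL from the saved flow")
    # Assumed payload shape: event details under data.events.
    body = json.dumps({"data": {"events": events}}).encode("utf-8")
    headers = {"Content-Type": "application/json", TOKEN_HEADER: token}
    return Request(clean_url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    url, secret = split_invoke_url(SAMPLE_INVOKE_URL)
    print("Endpoint URL field:   ", url)
    print("Authentication field: ", TOKEN_HEADER)
    print("Authentication secret: <%d characters, not printed>" % len(secret))
```

Passing the returned Request to urllib.request.urlopen sends the test call to a flow that is saved and turned on.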
