Okta Identity Engine | Workflows | Answered | 2024-09-01T09:04:22.000Z | 2020-07-09T12:45:38.000Z | 2020-08-10T09:29:50.000Z

q5nrb (q5nrb) asked a question.

Trigger a workflow by event in other Okta org?

Hello,

 

Q: Can Workflows trigger a flow based upon events happening in a different Okta org?

 

We've just got Workflows turned on in our preview, and the second flow I am trying out fails to kick in.

We have the Workflow engine running on Okta HUB. The flow is set to start on "User Suspended" event on the Okta HRM tenant (which does not have workflow) and then start working on the linked account in Okta HUB.

 

The connection seems fine, and I believe the API scope is fine for this flow.

 

I followed this guide (https://support.okta.com/help/s/article/How-do-I-connect-Okta-Workflows-to-a-different-Okta-tenant?language=en_US) - which I believe is incomplete and should be reviewed. I think it is missing the connection setup part in Workflows, where you add the Client ID and Secret that gets generated. And I've interpreted step 8 to assign the Workflow OAuth app to the admin account that is doing the authentication when setting up the connection in Workflows.

 

So, if this is supposed to work, what's wrong with this setup?

 

Thanks,

Mads


  • q5nrb (q5nrb)

    Right, finally back from summer break, and Okta support had the solution ready waiting for me. It was insufficient Okta API Scope permissions. Both the okta.eventHooks.manage and okta.eventHooks.read needed to be granted. After re-authorization of the connector, the flow activates and works just fine.

     

    Selected as Best
  • ArvilN.19271 (Customer)

    Hi Mads,

     

    Can you try to follow the in-product documentation to get this setup? The link is below, but you can also find it during the Okta connection setup screen and by clicking the ? in the bottom left.

     

    https://learn.workflows.okta.com/connector-reference/okta/#auth

     

    Go to the section titled "Authorize an account from another Okta org". In the meantime, we'll try to see what's incorrect about the knowledge base article.

     

    Arvil

  • q5nrb (q5nrb)

    Thanks Arvil,

     

    I take that as it is supposed to work, and it is not working for us. Thanks for the link, I had that site opened, but had failed to find that part. Excellent instructions*. I reviewed and found no apparent wrongs on our end. I deleted the connector and the OAuth App on the target and did them over, following the guide. Alas, no dice, and I get an error message "Could not activate Flow" when I try to activate it. I'll take this to Okta Support to have them have a look. I'll keep you posted on the result.

    *Some suggested corrections

    This isn't correct (any longer)

    Image is not available

    It should say: Your OpenID Connect web app > General tab > Client Credentials

     

    Thanks,

    Mads

This question is closed.
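
The accepted answer traces the "Could not activate Flow" error to the connector's OAuth app lacking `okta.eventHooks.manage` and `okta.eventHooks.read`. The following pre-flight check is an added example, not code from the thread or from Okta: it audits an app's scope grants for those two scopes before the connector is re-authorized. It assumes the grant list has the shape returned by Okta's application grants endpoint (`GET /api/v1/apps/{appId}/grants`, entries carrying `scopeId` and `status`); the sample data and the function name are constructed for illustration.

```python
import json

# Scopes the accepted answer says had to be granted on the target org's OAuth app.
REQUIRED_SCOPES = frozenset({"okta.eventHooks.manage", "okta.eventHooks.read"})

# Constructed sample, not real data. Assumed shape: one object per granted
# scope, as listed by GET /api/v1/apps/{appId}/grants on the target org.
SAMPLE_GRANTS = json.loads("""
[
  {"id": "GRANT_ID_1", "scopeId": "okta.users.read",      "status": "ACTIVE"},
  {"id": "GRANT_ID_2", "scopeId": "okta.users.manage",    "status": "ACTIVE"},
  {"id": "GRANT_ID_3", "scopeId": "okta.eventHooks.read", "status": "ACTIVE"}
]
""")


def audit_scope_grants(grants, required=REQUIRED_SCOPES):
    """Return (missing, not_active) as sorted lists of scope names.

    missing    - required scopes with no ACTIVE grant at all
    not_active - the subset of missing that does have a grant, but in a
                 non-ACTIVE state (for example revoked), so re-granting it
                 is the fix rather than adding a scope never requested
    """
    active, other = set(), set()
    for grant in grants:
        scope = grant.get("scopeId")
        if not scope:
            continue  # skip malformed entries instead of guessing
        if grant.get("status") == "ACTIVE":
            active.add(scope)
        else:
            other.add(scope)
    missing = required - active
    return sorted(missing), sorted(missing & other)


if __name__ == "__main__":
    missing, not_active = audit_scope_grants(SAMPLE_GRANTS)
    if missing:
        print("Event-triggered flows will not activate; grant:", ", ".join(missing))
        if not_active:
            print("Present but not ACTIVE:", ", ".join(not_active))
    else:
        print("Event hook scopes are granted; re-authorize the connector.")
```

Granting a scope on the app does not change tokens already issued, which is why the answer mentions re-authorizing the connector afterwards.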