0D5KZ000019v8sm0AAOkta Identity EngineWorkflowsAnswered2025-08-29T15:06:30.000Z2025-08-12T14:24:20.000Z2025-08-29T15:06:30.000Z

RenatoO.17465 (Customer) asked a question.

August 12, 2025 at 2:24 PM
Okta Workflows + Slack multi-channel conversion from full member to multi-channel

Hey,

Has anyone managed to get a working workflow within Okta that converts a full member to multi-channel.

 

I feel like I'm getting close as I've managed to get full members added to the relevant workspaces based on their position within the business, but now I'm really struggling to make these "guests" from full members to multi-channel, here is currently what I've done. I'm really stuck and really would love to get this going. When it reaches the PATCH for the SCIM API it gives me error 401 and I have checked everything and cannot figure out why this is not happy.

 

/help/servlet/rtaImage?refid=0EMKZ000000dUAk

/help/servlet/rtaImage?refid=0EMKZ000000dUAp

  • 2 answers
  • 244 views

  • paul.stiniguta1.508386743840768E12 (Okta, Inc.)

    Hello @RenatoO.17465 (Customer)​ Thank you for posting on our Community page!

     

    A 401 Unauthorized error means that the API is rejecting your request because the authentication credentials you provided are either missing, invalid, or do not have the necessary permissions. Here's what you should check:

    • API Token: The most likely cause is an issue with the API token you're using. Double-check that the token is still valid, hasn't expired, and has the correct permissions to perform a
    • PATCH
    • request on the SCIM API endpoint. It's crucial that the token has the scopes needed to modify user accounts.
    • SCIM Connector Permissions: Ensure that the Okta application that is provisioned to Slack (or the relevant app) has the proper SCIM provisioning permissions enabled. Specifically, look for options to "Create Users," "Update User Attributes," and "Deactivate Users."
    • SCIM Configuration: In the Okta application's provisioning settings, verify that the SCIM connector configuration is correct. This includes the API endpoint URL and the bearer token. Sometimes, a simple re-authentication of the API connection can resolve the issue.

     

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Just released: More Okta Community badges just added

    Expand Post
    Selected as Best

  • paul.stiniguta1.508386743840768E12 (Okta, Inc.)

    Hello @RenatoO.17465 (Customer)​ Thank you for posting on our Community page!

     

    A 401 Unauthorized error means that the API is rejecting your request because the authentication credentials you provided are either missing, invalid, or do not have the necessary permissions. Here's what you should check:

    • API Token: The most likely cause is an issue with the API token you're using. Double-check that the token is still valid, hasn't expired, and has the correct permissions to perform a
    • PATCH
    • request on the SCIM API endpoint. It's crucial that the token has the scopes needed to modify user accounts.
    • SCIM Connector Permissions: Ensure that the Okta application that is provisioned to Slack (or the relevant app) has the proper SCIM provisioning permissions enabled. Specifically, look for options to "Create Users," "Update User Attributes," and "Deactivate Users."
    • SCIM Configuration: In the Okta application's provisioning settings, verify that the SCIM connector configuration is correct. This includes the API endpoint URL and the bearer token. Sometimes, a simple re-authentication of the API connection can resolve the issue.

     

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Just released: More Okta Community badges just added

    Expand Post
    Selected as Best

  • TimL.58332 (Workflows)

    One other thing I am noticing is you have a Connection assigned to the API connector named "Slack Invite Admin" and it looks like you are passing a bearer token in an Authorization header into headers on the same card.

     

    The selected connection is going to be passing credentials unless you have "None" set for the connection. Sending in additional credentials via headers may conflict and I've seen that result in unexpected 401 responses from vendors.

     

    Also, with your existing credentials in API Connector to the SCIM endpoint(s) can you do other simple things like GET method operations? Those typically require less permissions. So if you statically define something as a "test" can you get results?

    Expand Post
This question is closed.

Recommended content

No recommended content found...