
FelixP.74030 (Customer) asked a question.
In the hope of getting a group synchronization integration to work, we have set up the following:
- An API Application (machine to machine) with public key authentication
- Granted the following scopes: okta.users.read, okta.groups.read, okta.eventHooks.manage, okta.schemas.read, okta.roles.read
- Created a Custom Role with the Manage EventHooks permission, which required enabling an Early Access feature flag
- Assigned the custom role to our API Application, and given the appropriate Resource Set (giving access to All Users, All Groups and All Event Hooks)
When our services request an access token, they request all the scopes listed above.
Whenever our services try to create an EventHook, we get a 403, but I would have expected it to work, since our app does have the granted scope, the correct permissions to manage hooks and has access to all the event hook resources.
Any lead is appreciated
Thanks!

Hi @FelixP.74030 (Customer), thank you for reaching out to the Okta Community!
Being an EA feature, it might have some kinks to work out. I ran this by my colleagues to see if anyone tried a similar implementation and based on the information I was able to gather, assigning the Manage Inline Hooks permission as well might be required for the feature to work.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
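One way to narrow down the 403 discussed in this thread, as an added example that is not part of either post and is not Okta's code: check whether the access token actually carries `okta.eventHooks.manage` before looking at the custom role and Resource Set. It assumes the access token is a JWT whose scopes sit in an `scp` (or `scope`) claim and that a scope rejection is signalled with `error="insufficient_scope"` in the `WWW-Authenticate` header, as RFC 6750 describes; the function names and sample tokens are constructed for illustration.

```python
import base64
import json
import re

# Scope the question names for managing event hooks.
REQUIRED_SCOPES = {"okta.eventHooks.manage"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed, JWT-shaped string with a fake signature (demo input only)."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed"

def token_scopes(token: str) -> set:
    """Read granted scopes from the payload. No signature check: diagnostics only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    raw = claims.get("scp", claims.get("scope", []))  # assumed claim names
    return set(raw.split() if isinstance(raw, str) else raw)

def triage_403(token: str, www_authenticate: str = "") -> str:
    """Classify a 403 as a scope problem or a role / Resource Set problem."""
    missing = REQUIRED_SCOPES - token_scopes(token)
    if missing:
        # The scope was granted to the app but never made it into this token.
        return "token-missing-scope:" + ",".join(sorted(missing))
    if re.search(r'error="?insufficient_scope', www_authenticate):
        # The server itself says the scope is the problem for this endpoint.
        return "server-reports-insufficient-scope"
    # Scope is present, so the denial comes from the role permissions or resources.
    return "scopes-ok:check-role-permissions-and-resource-set"

if __name__ == "__main__":
    # Constructed samples: one token with the hook scope, one without it.
    full = make_sample_token({"scp": ["okta.users.read", "okta.groups.read",
                                      "okta.eventHooks.manage"]})
    partial = make_sample_token({"scp": ["okta.users.read", "okta.groups.read"]})
    print(triage_403(full))
    print(triage_403(partial))
    print(triage_403(full, 'Bearer error="insufficient_scope"'))
```

A result of `scopes-ok:...` points at the role side of the setup, which is where the reply's suggestion about the Manage Inline Hooks permission applies.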