Jump to a Section

Overview

Before you authorize your account with the Okta connector, verify that you have an OAuth2 app configured for OpenID Connect. If you have already configured the app, move to Authorize an Account. If you do not have an OpenID Connect web application, follow the Create and Configure instructions below.

Create an OpenID Connect Web Application

  1. In the Okta Admin console, navigate to Applications > Applications.
  2. Click +Add Application.
  3. Click Create New App.
  4. In the Platform drop-down menu, select Web.
  5. For the Sign-on Method, select OpenID Connect.
  6. On the Create OpenID Connect Integration, enter your Application name and, if applicable, and Application logo.
  7. Enter a Login Redirect URI for your application. The URI depends on the domain of your Workforce instance. For example, if your Workflow URI is https://designer.ui.workflow.oktapreview.com, then your redirect URI is https://designer.ui.workflow.oktapreview.com/app/oauth/okta/authorize.
  8. Click Save.

Configure Your OpenID Connect Web Application

  1. In the Okta Admin console, navigate to Applications > Applications.
  2. Select your newly created application.
  3. On the General tab, click Edit.
  4. In the Allowed Grant Types list, select Refresh Token.
  5. Click Save.
  6. Select the Assignments tab, and then click Edit.
  7. Assign the application to the appropriate users. You can assign it to individual people or to groups. Save your assignments.
  8. On the Okta API Scopes tab, grant consent for the scopes required for your use cases.
  9. Click Save.

Authorize an Account

  1. Click +New Connection.
  2. Select the Okta connector.
  3. In the Connection Nickname field, enter the display name you want to appear in your list of connections.
  4. In the Domain field, enter your Okta org’s domain. If the URL of your Okta org is http://okta.okta.com, then your domain is okta.okta.com.
  5. In the Client ID field, paste the client ID from your OAuth2 app.
  6. In the Client Secret field, paste the client secret from your OAuth2 app.
  7. Click Create.

    Events

    • User Activated

      Trigger a Flow when a user is activated in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time that the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service.
      • Version: versioning indicator
      • Admin (object): Okta admin who provisioned the user
        • ID: ID of the Okta Admin
        • Alternate ID: email address of the Okta Admin
        • Display Name: display name of the Okta Admin
      • Okta User (object): the Okta user who was added to the application
        • ID: ID of the Okta user
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identified
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Assigned to Application

      Trigger a Flow when a user is assigned to an application in Okta.

      Unless otherwise indicated, field types are text.

      Options

      • Application (drop-down list): Choose from a list of existing applications in your Okta organization.
      • Application Instance (drop-down list): Choose from a list of existing application instances, dependent on the Application chosen in the previous step.
        • Note: This event will only trigger for the selected application instance.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service.
      • Version: versioning indicator
      • Admin (object): Okta admin who provisioned the user
        • ID: ID of Okta admin who provisioned the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was added to the application
        • ID: ID of the Okta user who was added to the application
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • Application User (object): target application’s user details
        • ID: user’s ID in the target application
        • Alternate ID: user’s alternate ID in the target application (usually their email address)
        • Display Name: display name of the Okta user
      • Application (object): target application
        • ID: ID of the target application
        • Alternate ID: alternate ID of the target application
        • Display Name: display name of the target application
      • User Groups (list of objects): if the user is a member of multiple groups, the following fields are returned for each group
        • ID: ID of the group that the user belongs to
        • Name: name of the group that the user belongs to
        • Description: description of the group that the user belongs to
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Assigned to Group

      Trigger a Flow when a user is assigned to a group in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who provisioned the user
        • ID: ID of Okta admin who provisioned the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was added to the group
        • ID: ID of the Okta user who was added to the group
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • Group (object): target group that the user was assigned to
        • ID: ID of the target group
        • Alternate ID: alternate ID of the target group
        • Display Name: display name of the target group
      • User Groups (list of objects): if the user is a member of multiple groups, the following fields are returned for each group
        • ID: ID of the group that the user belongs to
        • Name: name of the group that the user belongs to
        • Description: description of the group that the user belongs to
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Created

      Trigger a Flow when a user is assigned to an application in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who created the user
        • ID: ID of Okta admin who created the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was created
        • ID: ID of the Okta user who was created
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Deactivated

      Trigger a Flow when a user is deactivated in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who deactivated the user
        • ID: ID of Okta admin who deactivated the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was deactivated
        • ID: ID of the Okta user who was deactivated
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Deleted

      Trigger a Flow when a user is deleted in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object: Okta admin who deleted the user
        • ID: ID of Okta admin who deleted the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was deleted
        • ID: ID of the Okta user who was deleted
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Unassigned from Application

      Trigger a Flow when a user is unassigned from an application in Okta.

      Unless otherwise indicated, field types are text.

      Options

      • Application (drop-down list): Choose from a list of existing applications in your Okta organization.
      • Application Instance (drop-down list): Choose from a list of existing application instances, dependent on the Application chosen in the previous step.
        • Note: This event will only trigger for the selected application instance.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who unassigned the user
        • ID: ID of Okta admin who unassigned the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was unassigned from the application
        • ID: ID of the Okta user who was unassigned from the application
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • Application User (object): target application’s user details
        • ID: user’s ID in the target application
        • Alternate ID: user’s alternate ID in the target application (usually their email address)
        • Display Name: display name of the Okta user
      • Application (object): target application
        • ID: ID of the target application
        • Alternate ID: alternate ID of the target application
        • Display Name: display name of the target application
      • User Groups (list of objects): if the user is a member of multiple groups, the following fields are returned for each group
        • ID: ID of the group that the user belongs to
        • Name: name of the group that the user belongs to
        • Description: description of the group that the user belongs to
        • UUID: webhook event’s universal unique identifier
        • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Unassigned from Group

      Trigger a Flow when a user is unassigned from a group in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who unassigned the user
        • ID: ID of Okta admin who unassigned the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was unassigned from the group
        • ID: ID of the Okta user who was unassigned from the group
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • Group (object): target group that the user was unassigned from
        • ID: ID of the target group
        • Alternate ID: alternate ID of the target group
        • Display Name: display name of the target group
      • User Groups (list of objects): if the user is a member of multiple groups, the following fields are returned for each group
        • ID: ID of the group that the user belongs to
        • Name: name of the group that the user belongs to
        • Description: description of the group that the user belongs to
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Suspicious Activity Reported

      Trigger a Flow when suspicious activity is reported in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the webhook event was published
      • Name: name of the user who reported suspicious activity
      • Email: email address of the user
      • User ID: ID of the user
      • Suspicious Activity Details: details about the suspicious activity reported
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Suspended

      Trigger a Flow when a user is suspended in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who suspended the user
        • ID: ID of Okta admin who suspended the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was suspended
        • ID: ID of the Okta user who was suspended
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • User Unsuspended

      Trigger a Flow when a user is unsuspended in Okta.

      Unless otherwise indicated, field types are text.

      Output

      • Date and Time: date and time the event was triggered in Okta
      • Message: message details about the event
      • Event ID: event’s unique identifier key
      • Event Type: type of event that was published
      • Event Time: timestamp when the notification was delivered to the service
      • Version: versioning indicator
      • Admin (object): Okta admin who unsuspended the user
        • ID: ID of Okta admin who unsuspended the user
        • Alternate ID: email address of the Okta admin
        • Display Name: display name of the Okta admin
      • Okta User (object): Okta user who was unsuspended
        • ID: ID of the Okta user who was unsuspended
        • Alternate ID: email address of the Okta user
        • Display Name: display name of the Okta user
      • UUID: webhook event’s universal unique identifier
      • Full Details (object): entire raw JSON payload returned from the Okta API
    • Custom Webhook

      Choose an event hook and listen for the specified event in Okta that will trigger the Flow in real time.

      Unless otherwise indicated, field types are text.

      Options

      • Event (drop-down list): Choose from a list of event types. The event types in this list directly correspond to the events in the Event Type Catalog Documentation.

      Output

      • Output
        • Date and Time: date and time that the event was triggered in Okta
        • Message: message details about the event
        • Event ID: event’s unique identifier key
        • Event Type: type of event that was published
        • Event Time: timestamp when the notification was delivered to the service
        • Version: versioning indicator
        • Actor (object): Okta user who performed the event operation
          • ID: ID of the Okta user
          • Alternate ID: email address of the Okta user
          • Display Name: display name of the Okta user
        • Targets (list of objects): Okta resources that were operated on (Users, Groups, Applications, Application Users, or others)
          • ID: ID of the Okta resource
          • Alternate ID: alternate ID of the Okta resource
          • Display Name: display name of the Okta resource
        • UUID: webhook event’s universal unique identified
        • Full Details (object): entire raw JSON payload returned from the Okta API

    Actions

    • Create User

      Create a new user in Okta. This action commonly follows an event like User is Added to Application Membership.

      Unless otherwise indicated, field types are text.

      Options

      • Without credentials
      • With recovery question
      • With password
      • With password and recovery questions
      • With authentication provider
      • In group

      For more detail on these options, or additional info regarding creating users in Okta, reference this documentation.

      Input

      Input fields vary by option but will always include the mandatory Okta profile attributes: First Name, Last Name, Email, and Login. Required fields are indicated by a red asterisk.

      • Profile
        • First Name: first name of the Okta user
        • Last Name: last name of the Okta user
        • Email: email address of the Okta user
        • Login: login of the Okta user, in email address format
        • Mobile Phone: mobile phone of the Okta user
      • Credentials
        • Question: password recovery question (must be specified if Answer is specified)
        • Answer: answer to the password recovery question (must be specified if Question is specified)
        • Password: password that meets minimum criteria (see documentation)
        • Provider Name: name of the identity provider. Note that you must specify the directory instance name for  ACTIVE_DIRECTORY or LDAP providers.
        • Provider Type (drop-down list): identity provider type
      • Activate
        • Activate (boolean): user is activated upon creation (see documentation)

      Output

      • Results
        • Raw Body (object): raw payload returned from the Okta API
        • ID: ID of the user created in Okta
        • Status: current status of the user (STAGED, PROVISIONED, ACTIVE, RECOVERY, LOCKED_OUT, PASSWORD_EXPIRED, SUSPENDED, or DEPROVISIONED)
        • Created (date): timestamp when the user was created
        • Activated (boolean): timestamp when transition to ACTIVE status completed
        • Status Changed (date): date that the user’s status changed
        • Last Login (date): timestamp of the user’s last login date
        • Last Updated (date): timestamp of the last user update
        • Password Changed (date): timestamp when password last changed
    • Custom API Action

      Use Custom API Action to make an authenticated request to the Okta API. Reference the Okta API documentation for additional details about working directly with the Okta API.

      Options

      • Request Type (drop-down): use the appropriate request type depending on the endpoint/method
        • GET
        • POST
        • PUT
        • PATCH
        • DELETE

      Input

      • Relative URL (text): Specify the relative URL as /api/v2/{insert_remaining_URL}. You can specify query parameters in the relative URL using “?”, or specify the query parameters as an object key pair in the Query input.
      • Headers (object): Specify any headers required in addition to authorization or content-type (these are already handled by this connector).
      • Query (object): Specify any additional query parameters that should be included in object format (key value pairs).
      • Body (object): Specify a request body in JSON format. Only available for POST, PUT, and PATCH requests.

      Output

      • Response
        • Status Code (number): status code returned by the Okta API
        • Headers (object): HTTP headers returned by the Okta API
        • Body (object): body of the response returned from Okta API
    • Delete User

      Delete a deactivated Okta user by ID. If you use this action on an Okta user who is active, the user will be deactivated. A second Delete User action is required.

      Input

      • User
        • ID (text): ID of the Okta user
        • Send Email? (boolean): send a deactivation email to the administrator if true

      Output

      • Status Code (number): status code returned by the API:
        • 204: Successful deactivation/deletion
        • 404: Invalid ID–either the ID is incorrect or that user has already been deleted
    • Read Group

      Read an Okta group’s information by ID.

      Unless otherwise indicated, field types are text.

      Input

      • Group
        • ID: ID of the Okta group

      Output

      • Properties
        • ID: ID of the Okta group
        • Created: timestamp when the group was created
        • Last Updated: timestamp when the group was last updated
        • Last Membership Updated: timestamp when the group’s memberships were last updated
        • Object Class (list of text): determiner of the group’s profile
        • Type: how the group’s profile and memberships are managed: OKTA_GROUP, APP_GROUP, or BUILT_IN
        • Profile (object)
          • Name: name of the group
          • Description: description of the group
    • Read User

      Read an Okta user’s system information and profile properties by ID or username. Custom added fields are included in the profile properties.

      NOTE: This action will not read information about application users (you will receive a 404 error if the user type is invalid or incorrect). If you need details about an application user, use the ‘Custom API Action’ card, and visit the Okta API Documentation for reading assigned users for an application.

      Unless otherwise indicated, field types are text.

      Input

      • User
        • ID or Login: ID or login username of the Okta user (usually in an email format)

      Output

      • System Properties
        • ID: ID of the Okta user
        • Status: current status of the user: STAGED, PROVISIONED, ACTIVE, RECOVERY, LOCKED_OUT, PASSWORD_EXPIRED, SUSPENDED, or DEPROVISIONED
        • Created (date): timestamp when the user was created
        • Activated (boolean): timestamp when transition to ACTIVE status completed
        • Status Changed (date): date of the user’s last status change
        • Last Login (date): timestamp of the user’s last login date
        • Last Updated (date): timestamp of the user’s last update
        • Password Changed (boolean): timestamp of the user’s last password change
        • Credentials (list)
          • Emails (list): list of emails associated with the user
          • Password (boolean): true if the user has a valid password or imported hashed password, false otherwise
          • Recovery Question (text): recovery question when a user forgets their password
          • Provider (object)
            • Name (text): name of the authentication provider
            • Type (text): type of authentication provider: OKTA, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL or IMPORT
      • Profile Properties
        • City: city or locality component of user’s address
        • Cost center: name of a cost center assigned with the user
        • Country code: country abbreviation
        • Department: name of user’s department
        • Display name: name of the user, suitable for display to end users
        • Division: name of the user’s division
        • Primary email: user’s primary email address
        • Employee number: user’s organizatio- or company-assigned unique identifier
        • First name: user’s first name
        • Honorific prefix: user’s honorific prefix(es) or title in most Western languages
        • Honorific suffix: user’s honorific suffix(es)
        • Last name: user’s last name or family name
        • Locale: user’s default location for purposes of localizing items like currency, date/time format, and numerical representations
        • Username: login username of the user, usually in the form of an email address
        • Manager: display name of the user’s manager
        • ManagerId: ID of the user’s manager
        • Middle name: user’s middle name
        • Mobile phone: user’s mobile phone number
        • Nickname: user’s preferred nickname, if applicable
        • Organization: name of the user’s organization
        • Postal Address: mailing address component of user’s address
        • Preferred language: user’s preferred written or spoken languages
        • Primary phone: primary phone number of user such as home number
        • Profile Url: URL of user’s online profile (a web page)
        • Secondary email: secondary email address of user (typically used for account recovery)
        • State: state or region component of user’s address
        • Street address: full street address component of user’s address
        • Time zone: user’s time zone
        • Title: user’s title, such as Vice President
        • User type: user’s relationship to the organization, such as Employee or Contractor
        • Zip code: zip code or postal code component of user’s address
        • Custom Profile Properties (dynamically generated): additional custom user profile properties that are generated when configuring this card
    • Search Groups

      Search groups with a query. The query performs a starts with match against groups’ name value. You have the option to display the first matching record only or all matching records in a list (up to 300). For more information, review the Okta documentation here.

      Unless otherwise indicated, field types are text.

      Options

      • Option (drop-down list)
        • First Matching Record: returns a single record
        • All Matching Records: returns all matching records, in list format

      Input

      • Query: query string used to find groups by name (for example, to search for groups related to sales, enter a query value of sales)

      Output

      • Result
        • First Matching Record:
          • Raw Body (object): raw payload returned from the Okta API
          • ID: ID of the group in Okta
          • Created (date): timestamp when the group was created
          • Last Updated (date): timestamp of the last group update
          • Last Membership Updated: timestamp of the last update to group’s memberships
          • Object Class (list of text): determiner of the group’s profile
          • Type: how the group’s profile and memberships are managed: OKTA_GROUP, APP_GROUP, or BUILT_IN
          • Profile (object)
            • Name: name of the group
            • Description: description of the group
        • All Matching Records:
          • Groups (list of objects): all matching groups with payload similar to above, in list format
    • Search Users

      Search Okta users with a query. The query performs a starts with match against First Name, Last Name, or Email. You have the option to display the first matching record only or all matching records in a list (up to 200). For more information, review the Okta documentation here.

      Unless otherwise indicated, field types are text.

      Options

      • Option (drop-down list)
        • First Matching Record: returns a single record
        • All Matching Records: returns all matching records, in list format

      Input

      • Query: query string used to find records by first name, last name, or email address (for example, to search for Bob Ross, Bob, Ross, bob.ross@okta.com are all valid query terms)

      Output

      • Result
        • First Matching Record:
          • Raw Body (object): raw payload returned from the Okta API
          • ID: ID of the user created in Okta
          • Status: current status of the user: STAGED, PROVISIONED, ACTIVE, RECOVERY, LOCKED_OUT, PASSWORD_EXPIRED, SUSPENDED, or DEPROVISIONED
          • Created (date): timestamp when the user was created
          • Activated (boolean): timestamp when transition to ACTIVE status completed
          • Status Changed (date): date of the last user status change
          • Last Login (date): timestamp of the user’s last login date
          • Last Updated (date): timestamp of the user’s last update
          • Password Changed (date): timestamp of the user’s last password change
          • First Name: user’s first name
          • Last Name: user’s last name or family name
          • Mobile Phone: user’s mobile phone number
          • Second Email: secondary email address of user (typically used for account recovery)
          • Login: login username of the user (usually in the form of an email address)
          • Email: user’s primary email address
        • All Matching Records:
          • Users (list of objects): all matching users with payload similar to above, in list format
    • Update User

      Update an Okta user’s system information and profile properties by ID or username.

      NOTE: This action will not update information about application users (you will receive a 404 error if the user type is invalid or incorrect). If you need to update an application user, use the ‘Custom API Action’ card, and visit the Okta API Documentation for updating application users.

      Unless otherwise indicated, field types are text.

      Options

      • Update Semantics (drop-down list)
        • Partial: Updates a user’s profile or credentials with partial update semantics. Any properties that are not specified are ignored, and will maintain their current value.
        • Strict: Updates a user’s profile and/or credentials using strict-update semantics. IMPORTANT: All profile properties must be specified when updating a user’s profile. Any property not specified in the request is set to null.

      Input

      • User
        • ID: ID of the Okta user (usually in an email format)
      • Profile

        • City: city or locality component of user’s address
        • Cost center: name of a cost center assigned with the user
        • Country code: country abbreviation
        • Department: name of user’s department
        • Display name: name of the user, suitable for display to end users
        • Division: name of the user’s division
        • Primary email: user’s primary email address
        • Employee number: user’s organization- or company-assigned unique identifier
        • First name: user’s first name
        • Honorific prefix: user’s honorific prefix(es) or title in most Western languages
        • Honorific suffix: user’s honorific suffix(es)
        • Last name: user’s last name or family name
        • Locale: user’s default location for purposes of localizing items like currency, date/time format, and numerical representations
        • Username: login username of the user, usually in the form of an email address
        • Manager: display name of the user’s manager
        • ManagerId: ID of the user’s manager
        • Middle name: user’s middle name
        • Mobile phone: user’s mobile phone number
        • Nickname: user’s preferred nickname, if applicable
        • Organization: name of the user’s organization
        • Postal Address: mailing address component of user’s address
        • Preferred language: user’s preferred written or spoken languages
        • Primary phone: primary phone number of user such as home number
        • Profile Url: URL of user’s online profile (a web page)
        • Secondary email: secondary email address of user (typically used for account recovery)
        • State: state or region component of user’s address
        • Street address: full street address component of user’s address
        • Time zone: user’s time zone
        • Title: user’s title, such as Vice President
        • User type: user’s relationship to the organization, such as Employee or Contractor
        • Zip code: zip code or postal code component of user’s address
        • Custom Profile Properties (dynamically generated): additional custom user profile properties that are generated when configuring this card
      • Credentials

        • Password: string value for the user’s new password
        • Recovery Question: question to enable password recovery for the user
        • Recovery Answer: answer to password recovery question

      Output

      • System Properties
        • ID: ID of the Okta user
        • Status: current status of the user: STAGED, PROVISIONED, ACTIVE, RECOVERY, LOCKED_OUT, PASSWORD_EXPIRED, SUSPENDED, or DEPROVISIONED
        • Created (date): timestamp when the user was created
        • Activated (boolean): timestamp when transition to ACTIVE status completed
        • Status Changed (date): date of the user’s last status change
        • Last Login (date): timestamp of the uer’s last login date
        • Last Updated (date): timestamp of the user’s last update
        • Password Changed (boolean): timestamp of the user’s last password change
        • Credentials (list)
          • Emails (list): list of emails associated with the user
          • Password (boolean): true if the user has a valid password or imported hashed password, false otherwise
          • Recovery Question: recovery question when a user forgets their password
          • Provider (object)
            • Name: name of the authentication provider
            • Type: type of authentication provider: OKTA, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL or IMPORT
      • Profile Properties
        • City: city or locality component of user’s address
        • Cost center: name of a cost center assigned with the user
        • Country code: country abbreviation
        • Department: name of user’s department
        • Display name: name of the user, suitable for display to end users
        • Division: name of the user’s division
        • Primary email: user’s primary email address
        • Employee number: user’s organization- or company-assigned unique identifier
        • First name: user’s first name
        • Honorific prefix: user’s honorific prefix(es) or title in most Western languages
        • Honorific suffix: user’s honorific suffix(es)
        • Last name: user’s last name or family name
        • Locale: user’s default location for purposes of localizing items like currency, date/time format, and numerical representations
        • Username: login username of the user, usually in the form of an email address
        • Manager: display name of the user’s manager
        • ManagerId: ID of the user’s manager
        • Middle name: user’s middle name
        • Mobile phone: user’s mobile phone number
        • Nickname: user’s preferred nickname, if applicable
        • Organization: name of the user’s organization
        • Postal Address: mailing address component of user’s address
        • Preferred language: user’s preferred written or spoken languages
        • Primary phone: primary phone number of user such as home number
        • Profile Url: URL of user’s online profile (a web page)
        • Secondary email: secondary email address of user (typically used for account recovery)
        • State: state or region component of user’s address
        • Street address: full street address component of user’s address
        • Time zone: user’s time zone
        • Title: user’s title, such as Vice President
        • User type: user’s relationship to the organization, such as Employee or Contractor
        • Zip code: zip code or postal code component of user’s address
        • Custom Profile Properties (dynamically generated): additional custom user profile properties that are generated when configuring this card
    • Get Users Groups

      Retrieve an Okta user’s current group memberships.

      Unless otherwise indicated, field types are text.

      Input

      • User
        • ID: ID of the Okta user

      Output

      • Groups (list of objects)
        • ID: ID of the Okta group
        • Name: name of the group
        • Description: description of the group
        • Created: timestamp when the group was created
        • Last Updated: timestamp when the group was last updated
        • Last Membership Updated: timestamp when the group’s memberships were last updated