Need more options? Use Custom API Actions!

Need more options? Use Custom API Actions!

Okta Workflows provide many connectors to end systems with a great variety of actions available. But like it often is with tools like this, that -one- option that we found in the systems API documentation, just is not available among the connector action cards. However, there is a hero on the horizon and to the rescue: custom API action.

Andreas is a cloud architect in Cloudworks and an Okta Technical Champion. He is helping customers on their digital Identity journey by designing and implementing complex IAM solutions. These have a high amount of automation to achieve high impact with minimal user friction.

  This is a technical description in a series about Okta Workflows

Custom API action cards

Many Okta Workflows connectors have the option of using the action card “custom API action”. These cards are generic API call with POST/GET/PUT/PATCH/DELETE towards the end system that is configured in the connector.

For example, in the OKTA API we can trigger a forgot password reset for a user by calling “/api/v1/authn/recovery/password” with a JSON body containing the username and the factor to be used for the reset.

ForgotPasswordOkta API documentation "Forgot password" part 1

Forgot-passwordOkta API documentation "Forgot password" part 2

With this information at hand, we can simply use this in an Okta Workflow together with the available Okta custom API action, even if we do not have this option available in the list of pre-defined actions:

CustomApiActionExample trigger "Forgot password" API through Okta custom API action

Of course, there is also the generic API connector available in the actions, but the benefits of the “custom API action” is the connector that is configured in the Okta Workflow connections.

API-ConnectorGeneric API Connector in the Okta Workflows

We are just leveraging the existing access and permissions to call the custom API call without the requirement to take care of authentication to the API endpoint, which – for some APIs – can be bothersome. Of course, the access configured requires sufficient rights in the endpoint. These can exceed the access rights that the connector usually requires.


Currently Custom API Actions are available for these connectors: