Okta Spoke
-
- UpdatedMay 29, 2025
- 8 minutes to read
- Yokohama
- Now Platform Capabilities
Use Okta to manage users, passwords, and groups.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Integration Hub subscription
This spoke requires an Integration Hub subscription. For more information, see Legal schedules - IntegrationHub overview.
Spoke version
Okta spoke v4.3 is the latest version.
Spoke dependencies
If you’re having trouble installing the app, ensure that these dependent plugins are installed:
- ServiceNow IntegrationHub Action Template - Data Stream (com.glide.hub.action_type.datastream)
- ServiceNow IntegrationHub Action Step - REST (com.glide.hub.action_step.rest)
- ServiceNow IntegrationHub Runtime (com.glide.hub.integration.runtime)
- ServiceNow Flow Designer - Dynamic Inputs (com.glide.hub.dynamic_inputs)
- ServiceNow IntegrationHub Action Step - REST (com.glide.hub.action_step.rest)
- com.glide.cobject:sys,com.glide.script.vtable
- com.snc.remote_directory_sync
- XML Parser for ServiceNow IntegrationHub (com.glide.hub.action_step.xmlparser)
- Flow Designer Designer Model (com.glide.hub.designer_backend.model)
- Complex Object (com.glide.cobject)
Supported versions
API version v1.
Spoke flows
The Okta spoke provides sample flows in the draft state to demonstrate automating user and group management tasks. To customize a sample flow, copy it to a new application scope. Available sample flows include:
| Flow | Description |
|---|---|
| Add User to Okta Group | When a user is created, adds the user to the specified group. |
| Onboard User in Okta | When a user is created in ServiceNow, creates and activates the user in Okta. |
| Remove Okta Group Membership on Deactivation | When a user is deactivated, removes the user from all Okta groups. |
Spoke subflows
| Subflow category | Subflow | Description |
|---|---|---|
| Webhook management | Check Activate Application Event Hook | Verifies if an event hook for the application-lifecycle-activate exists in Okta. |
| Inbound Integration from Okta to ServiceNow | Allows inbound integration from Okta to a ServiceNow instance. Verifies if an event
hook already exists for an application. If the event hook does not exist, a new event hook
is created. Note: Make sure that Configuration URI field value is in
this format:
https://<instance-name>.service-now.com/api/sn_okta_spoke/oktawebhook |
|
| Group Management | Get Groups | Updates an existing group or creates a group in Okta. |
| Application Management | Create or Update Okta Applications Record | Creates a Okta application record or updates an existing Okta application record. |
Spoke module
Spoke actions
The Okta spoke provides actions to authenticate and manage users and groups. Available actions include:
| Category | Action | Description |
|---|---|---|
| User Management | Activate User | Starts the process of activating a user in Okta by enabling new or returning users to configure their Okta account from an activation URL. This action can either have Okta send the activation URL to the user as an email, or it can return the activation URL as a data pill for use in a later action to send an email or notification. |
| Clear User Session | Clears all active sessions the specified user has with Okta, which forces the user to log back in the next time they use Okta. | |
| Create User | Creates the specified user in Okta with the specified standard, optional, and
mandatory field values. Note: Okta has the ServiceNow_UD application to provision users in
ServiceNow. ServiceNow can also be configured
to provision users in Okta. Hence, ServiceNow administrators must
ensure that circular user creation does not occur. |
|
| Deactivate User | Deactivates the specified user in Okta, which removes the user's groups and application assignments, and changes the user status to DEACTIVATED. This action is commonly used when a user departs the company indefinitely. Note: Do not perform this action on users with a DEPROVISIONED status. |
|
| Delete User | Deletes the specified user within Okta, which completely removes the user. This action is commonly used to clean up your user base after compliance regulations have been met. | |
| Is User Account Locked | Determines if a user account is locked. | |
| Lookup Okta User ID | Retrieves the Okta user ID for the specified Okta login ID or login short name. | |
| Lookup User Account Details by User ID | Retrieves user details for the specified Okta user ID. | |
| Lookup User Profile by User ID | Retrieves user profile details for the specified Okta user ID. | |
| Restart User Activation | Restarts the specified user's activation within Okta. Use this action if the user did not complete their activation with the activation code or link provided by the Activate User Action. | |
| Suspend User | Suspends the specified user within Okta by changing the user status from ACTIVE to SUSPENDED. For example, use this action to suspend access for users who are on temporary leave. To reactivate a suspended user, use the Unsuspend action. | |
| Unsuspend User | Unsuspends the specified user in Okta. | |
| Update User Profile | Updates the user profile details for the specified user in Okta. | |
| Look up Users Stream | Retrieves users from Okta based on the filter value. | |
| Password Management | Change User's Password | Changes the specified user's password after validating the user's current password. |
| Expire User Password | Expires the specified user's password within Okta. This action is commonly used as a reaction to stop breaching attempts. | |
| Reset to Temporary Password | Resets the specified user's password within Okta to a temporary password. This action is commonly used to get a user logged in who has forgotten their password. | |
| Reset User Factors | Resets all of the multi-factor access devices for the specified user within Okta. This action is commonly used when a user loses their multi-factor authentication device or method. | |
| Set User Password | Sets the specified user's password in Okta. | |
| Unlock User | Unlocks the specified user in Okta. | |
| Group Management | Add User To Group | Adds the specified user to the specified group in Okta. |
| Create Group | Creates the specified group in Okta. | |
| Get Groups | Retrieves all new and updated groups in Okta. | |
| Is User In Group | Determines if the specified user is a member of the specified group in Okta. | |
| Lookup Group Details by Group ID | Retrieves group details for the specified Okta group ID. | |
| Lookup Group ID By Name | Retrieves group details and group ID for the specified Okta group name. | |
| Remove User From Group | Removes the specified user from the specified Okta group ID. | |
| Update Group | Updates the group details for the specified Okta group ID. | |
| Look up Groups Stream | Retrieves groups from Okta, based on the filter criteria. | |
| Group Membership Management | Look up Group Members Stream | Retrieves users from the specified Okta group. |
| Look up User Groups Stream | Retrieves the group information from Okta to which the user belongs to. | |
| Application Access Management | Look up Users by Application ID Stream | Retrieves users who have access to the specified application. |
| Look up Groups by Application ID Stream | Retrieves groups who have access to the specified application. | |
| Revoke User Application Access | Revokes access to an application for the required user. | |
| Application Management | Look up Applications Stream | Retrieves applications from Okta, based on the filter criteria. For more information about the criteria you can specify in the Filter input, see List applications in Okta Developer Documentation. |
| Look up Application by Application ID | Retrieves details of the specified application ID in Okta. | |
| Look up App Launcher Applications Stream | Retrieves applications that are either active or are assigned to users. | |
| Logs Management | Look up Okta Logs Stream | Retrieves the logs in Okta that are filtered by the given filter value and within the specified time duration. For more information about the event types and system logs, see Event Types in Okta Developer Documentation. |
| Metadata Retrieval | Look up Additional Fields for User | Retrieves the metadata of the additional fields for a user in Okta. |
| Look up Applications Metadata | Retrieves the metadata of applications in Okta. | |
| Look up Event Hooks Metadata | Retrieves the metadata of the event hooks in Okta. Note: Make sure that you use this
action along with the actions that use Event Hook ID as a dynamic input. |
|
| Look up Groups Metadata | Retrieves the metadata details of the groups in Okta. | |
| Webhook Management | Activate Event Hook | Changes the status of the specified event hook to active in Okta. |
| Create Event Hook | Creates an active event hook in Okta. Note: Make sure that Configuration
URI field value is in this format:
https://<instance-name>.service-now.com/api/sn_okta_spoke/oktawebhook |
|
| Deactivate Event Hook | Sets the status of the specified Okta event hook to inactive. | |
| Look up Event Hook by ID | Retrieves details of the Okta event hook for the specified ID. | |
| Look up Event Hooks | Retrieves details of all the event hooks in Okta. | |
| Update Event Hook | Updates the specified event hook in Okta. Note: Make sure that
Configuration URI field value is in this format:
https://<instance-name>.service-now.com/api/sn_okta_spoke/oktawebhook |
|
| Verify Event Hook | Verifies and retrieves an external service endpoint configured for an event hook in Okta. |
Available AI agents
Install Now Assist for Spokes and start using the available AI agents. For more information, see Now Assist for Spokes.
- In the ServiceNow agentic system, you can create an agentic workflow that comprises of a set of large language model (LLM) instructions along with one or more standalone AI agents to execute an objective. See Create an agentic workflow for information about adding AI Agents to create agentic workflows as per your requirement and provide the required trigger.
You can also search for other available AI agents and add them to your agentic workflow. See Find AI agents for more information.
- You can create a clone of the required spoke AI agent and customize it as per your requirement. See Duplicate an AI agent for more information about creating a clone.
- See Now Assist AI Agents for information about AI agents.
There may be AI agents installed with the Now Assist application that are not used in agentic workflows. To learn how to see all agents that are available to you, see Find AI agents.
Okta account requirements
The Okta spoke requires generating and configuring your Okta account to use a web API key.
Credential and connection alias requirements
Integration Hub uses aliases to manage connection and credential information. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using multiple environments. If the connection or credential information changes, you don't need to update any actions that use the connection. For more information, see Connections and Credentials.
This spoke uses the Okta Connection & Credential Alias record to authorize actions. For information about setting up the spoke, see Set up Okta spoke.
MID Server requirements
These actions use REST calls that can run either on an instance or, optionally, through a MID Server. Use the connection record associated with the Okta alias to configure where actions run and, if needed, specify MID Server selection attributes. For more information, see MID server.
To set up the MID Server for this spoke, see Set up MID Server for a spoke.