Okta · Arazzo Workflow

Okta Provision Admin User

Version 1.0.0

Create a user and immediately grant them an administrator role.

1 workflow · 1 source API · 1 provider
Tags: Identity, Workforce Identity, Customer Identity, Authentication, Authorization, Single Sign-On, Multi-Factor Authentication, Identity Governance, Privileged Access, AI Agents, Cross-App Access, MCP, Platform, Arazzo, Workflows

Provider

okta

Workflows

provision-admin-user
Create a user and assign them an admin role.
Creates and activates a user, then assigns a role of the supplied type to the new user.
2 steps
inputs: email, firstName, lastName, login, oktaApiToken, roleType
outputs: roleId, userId
1. createUser (operation: createUser): Create and activate the new user from the supplied profile.
2. assignRole (operation: assignRoleToUser): Assign the supplied admin role type to the newly created user.

Source API Descriptions

Arazzo Workflow Specification

okta-provision-admin-user-workflow.yml
arazzo: 1.0.1
info:
  title: Okta Provision Admin User
  summary: Create a user and immediately grant them an administrator role.
  description: >-
    Stands up a new administrator in a single flow. The workflow creates and
    activates a user from a profile, then assigns a standard Okta admin role to
    that newly created user. The new user id is chained from creation into the
    role assignment. Every step spells out its request inline, including the
    SSWS API token header, so the flow can be read and executed without opening
    the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: oktaApi
  url: ../openapi/okta-openapi-original.yml
  type: openapi
workflows:
- workflowId: provision-admin-user
  summary: Create a user and assign them an admin role.
  description: >-
    Creates and activates a user, then assigns a role of the supplied type to
    the new user.
  inputs:
    type: object
    required:
    - oktaApiToken
    - login
    - email
    - firstName
    - lastName
    - roleType
    properties:
      oktaApiToken:
        type: string
        description: Okta API token used for the SSWS Authorization header.
      login:
        type: string
        description: The unique login (username) for the new user.
      email:
        type: string
        description: The primary email address for the new user.
      firstName:
        type: string
        description: The given name for the new user.
      lastName:
        type: string
        description: The family name for the new user.
      roleType:
        type: string
        description: The admin role type to grant (e.g. SUPER_ADMIN, ORG_ADMIN, APP_ADMIN).
  steps:
  - stepId: createUser
    description: >-
      Create and activate the new user from the supplied profile.
    operationId: createUser
    parameters:
    - name: Authorization
      in: header
      value: SSWS {$inputs.oktaApiToken}
    - name: activate
      in: query
      value: true
    requestBody:
      contentType: application/json
      payload:
        profile:
          login: $inputs.login
          email: $inputs.email
          firstName: $inputs.firstName
          lastName: $inputs.lastName
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      userId: $response.body#/id
  - stepId: assignRole
    description: >-
      Assign the supplied admin role type to the newly created user.
    operationId: assignRoleToUser
    parameters:
    - name: Authorization
      in: header
      value: SSWS {$inputs.oktaApiToken}
    - name: userId
      in: path
      value: $steps.createUser.outputs.userId
    requestBody:
      contentType: application/json
      payload:
        type: $inputs.roleType
    successCriteria:
    - condition: $statusCode == 201
    outputs:
      roleId: $response.body#/id
  outputs:
    userId: $steps.createUser.outputs.userId
    roleId: $steps.assignRole.outputs.roleId
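
A stricter replacement for the `inputs` block of the provision-admin-user workflow above, added here as an example and not part of the published workflow. As written, `roleType` accepts any string, including SUPER_ADMIN, so anyone able to run the workflow with a valid token can mint a super administrator. The allowlist and length bounds below are assumptions to adapt to local policy.

```yaml
# Added example: tightened input schema for workflowId provision-admin-user.
# Replaces the workflow's existing `inputs` block; steps and outputs are unchanged.
inputs:
  type: object
  additionalProperties: false        # reject unexpected inputs instead of ignoring them
  required:
  - oktaApiToken
  - login
  - email
  - firstName
  - lastName
  - roleType
  properties:
    oktaApiToken:
      type: string
      minLength: 1
      description: >-
        Okta API token used for the SSWS Authorization header. Inject it from a
        secret store at run time; do not commit it alongside workflow inputs.
    login:
      type: string
      minLength: 1
      maxLength: 100                 # assumed bound
      description: The unique login (username) for the new user.
    email:
      type: string
      format: email                  # advisory unless the runner asserts formats
      description: The primary email address for the new user.
    firstName:
      type: string
      minLength: 1
      maxLength: 50                  # assumed bound
      description: The given name for the new user.
    lastName:
      type: string
      minLength: 1
      maxLength: 50                  # assumed bound
      description: The family name for the new user.
    roleType:
      type: string
      enum:                          # assumed allowlist; SUPER_ADMIN deliberately omitted
      - APP_ADMIN
      - ORG_ADMIN
      description: >-
        The admin role type to grant. Only allowlisted values are accepted;
        granting SUPER_ADMIN should go through a separate, reviewed path.
```

Schema enforcement depends on the Arazzo runner validating inputs before the first step, so confirm that behaviour in the runner in use, because `createUser` runs with `activate=true` and a rejected role in step 2 would otherwise leave an active account behind.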