Short and handy Okta Workflows tips and tricks. Read the full series.

If you get this error:

Cannot activate the flow. Webhook registration failed (403 Forbidden error)

In Okta Workflows, this error almost always comes down to the required Admin role or missing API scopes.

Admin role

Ensure the Okta connection in Workflows is authorized by a Super Admin, as this is required to manage event hooks for event-triggered flows.

Scopes

Confirm that the connection includes the following scopes:

1. okta.eventHooks.read
2. okta.eventHooks.manage

You must set the scopes in the Okta Workflows OAuth application, and also when creating a new connection from Workflows.

Reauthorize

Once you have verified the permissions and scopes, reauthorize the connection in the Connections tab. Finally, return to your flow and toggle it to On to trigger the webhook registration.

More resources

• “Failed to activate webhook” or “Cannot activate Flow. Webhook registration failed” Okta Error Enabling an Event Triggered Workflow (KB article).
• 403 Forbidden – cannot activate the flow. Webhook registration failed (forum).

Okta Workflows resources

• 🚀 New to Okta Workflows? The Getting Started with Okta Workflows page has all the resources to help you get started.
• 📺 Like learning from videos? Watch Okta Workflows videos.
• ❓Have a question? Ask during community office hours or post on the community forum.
• 🙋‍♀️ Want to learn from the community? Join the #okta-workflows channel on the Mac Admins Slack.
• 📖 Want to learn more about identity automation? Take the Okta Workflows training on Okta Learning.