I hit my head against this fun problem this week. Running an Okta card and using a Custom API action, I got the error The access token provided does not contain the required scopes.

The answer? Navigate to the Okta Workflows OAUTH App in the Admin Dashboard, go to the Okta API Scopes tab, and then click Grant next to the API scope you require.

Now comes the key part – you’re not finished yet! You have to next re-authorize Okta Workflows to use this OAUTH app. To do so, navigate to your Okta connection in Workflows and enter your Okta Domain (ie. company.okta.com) as well as the Client ID and Client Secret found on the Sign On page for your Okta Workflows OAuth application. Then click Reauthorize and then within a few minutes, your API call in workflows will work! Magic.