Okta Hooks: Unlock Extensibility

Okta Hooks Blog post

There have historically been two types of integration in the Okta Integration Network: single sign-on for access and lifecycle management for provisioning and deprovisioning. Today, we’re pleased to launch a new, third type of integration: Okta Hooks. Okta Hooks enables customers to use their own code to easily customize Okta policies and behaviors, creating completely new types of custom integrations and downstream workflows—all tied to identity. Okta Hooks gives developers the ability to advance, secure, and customize their identity layer, while bringing deep customization to the platform. This also enables them, along with partners and customers, to develop purpose-built logic, extending the Okta Identity Cloud in exciting new ways.

The desire to extend and leverage identity throughout an organization’s workflows should come as no surprise in our digital world. The role identity plays in how developers create tailored, omni-channel customer experiences has expanded dramatically, and this is only the beginning. But as important as identity is, securing and customizing a central identity service within the context of a distributed, microservices architecture creates significant challenges for both developers and IT. Developers need to have the ability to modify identity policy or workflow, and integrate to any number of MarTech, CRM, ERP, HR, or other business systems and processes — all without taking on the security and resource burdens that come with a DIY approach.

Modify a workflow or send an event

With a relatively small amount of code, Hooks gives developers the power to alter their Okta policies and behaviors and enjoy customized integrations. Read on for the two varieties of Okta Hooks.

Inline Hooks

Inline Hooks enable developers to pause an Okta flow in order to add information or make a decision. Specifically, through an HTTP request, a non-Okta source can infuse additional information to modify a running request within Okta. Example: a developer at an airline company can use an Inline Hook during their new user Okta registration flow. During this flow, the user’s email address is validated based on the custom logic stored in the airline company’s server. The resulting validation decision can then be used by Okta to allow or deny registration of this new user. Other examples include:

  • Identity proof or validate a registering user through the registration flow
  • Use information from external databases in minting OAuth tokens or generating SAML assertions
  • Enrich profile information from an HR or CRM system during imports

Event Hooks

Event Hooks notify a customer’s downstream services via HTTP POST when an event of interest occurs in Okta. Example: when a User Deleted event occurs in Okta, the customer can then receive an Event Hook to either update their CRM system with information about the deleted user or create a ticket for their IT Helpdesk. Other examples include

  • Enroll new users into an email marketing campaign
  • Push profile changes to marketing systems
  • Automate IT service management


Okta Hooks, an advance in extensibility, is a new core function of the Okta Identity Cloud. We’re excited to make it available in Early Access today. The combination of Hooks and the Okta Identity Engine allows customers to build and support trusted, tailored user journeys with secure, customer developer customization.

For more specific details about Okta Hooks, visit: https://www.okta.com/hooks/.