Dynamic AWS Access Group Workflow

I need help with a workflow integrating PagerDuty and an AWS access group in Okta. The group needs to be dynamic based off reading the on-call schedules in PagerDuty.

The idea:
Every week I want an Okta workflow to run (Monday at 12pm EST) and read multiple on-call schedules in PagerDuty. Once it reads those schedules I want the workflow to add/remove users dependent on the on-call schedules.

Reason:
We want to be able to lock down how many users have access to AWS Runner Pods. We only want users who are on-call that week to be able to access it.

Question:
I’ve been messing around with how to do this in Workflows, but I keep coming across a lot of different variations of a solution. I want the easiest one possible: is this possible using just the PagerDuty connector in Okta Workflows?

Hi @nada: welcome to the forum!

The PagerDuty connector has several actions that I think you can use:

If the above actions are not what you need, you can also use the PagerDuty—Custom API Action to call any PagerDuty API. You will reuse the PagerDuty connection, but specify the API endpoint. The Understanding Okta Workflows Connectors blog post has information about using a Custom API Action card.

Also, feel free to share screenshots of your flows here if you need more help!
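
The weekly run described in this thread comes down to diffing the on-call set against the current group membership. The following Python example is added here (it is not from either post and is not Okta Workflows cards); it assumes on-call entries shaped like PagerDuty's `GET /oncalls` response requested with `include[]=users`, and all schedule IDs, user IDs and emails are constructed.

```python
# Added example; all IDs, emails and sample data below are constructed.
SCHEDULE_IDS = {"PSCHED01", "PSCHED02"}  # hypothetical PagerDuty schedule IDs

def oncall_emails(oncalls, schedule_ids):
    """Lower-cased emails of users on call for the managed schedules."""
    emails = set()
    for entry in oncalls:
        sched = entry.get("schedule") or {}  # null for direct escalation targets
        if sched.get("id") not in schedule_ids:
            continue  # ignore on-calls from schedules this group does not track
        email = (entry.get("user") or {}).get("email")
        if email:
            emails.add(email.strip().lower())
    return emails

def plan_changes(oncalls, group_ids, directory, schedule_ids=SCHEDULE_IDS):
    """Return (add_ids, remove_ids, unmatched_emails) for the Okta group.

    group_ids: set of Okta user IDs currently in the group.
    directory: {email: okta_user_id} for active Okta users.
    """
    wanted = oncall_emails(oncalls, schedule_ids)
    if not wanted:
        # Design choice in this example: an empty result more likely means a
        # failed or mis-scoped lookup, so stop instead of emptying the group.
        raise ValueError("no on-call users found; refusing to change group")
    by_email = {e.strip().lower(): uid for e, uid in directory.items()}
    wanted_ids = {by_email[e] for e in wanted if e in by_email}
    unmatched = sorted(e for e in wanted if e not in by_email)
    return sorted(wanted_ids - group_ids), sorted(group_ids - wanted_ids), unmatched

SAMPLE_ONCALLS = [  # constructed, trimmed to the fields used above
    {"schedule": {"id": "PSCHED01"}, "user": {"email": "Ana@example.com"}},
    {"schedule": {"id": "PSCHED02"}, "user": {"email": "bo@example.com"}},
    {"schedule": {"id": "POTHER99"}, "user": {"email": "cy@example.com"}},
    {"schedule": None, "user": {"email": "dee@example.com"}},
    {"schedule": {"id": "PSCHED01"}, "user": {"email": "contractor@example.net"}},
]
SAMPLE_DIRECTORY = {"ana@example.com": "00uA", "bo@example.com": "00uB",
                    "cy@example.com": "00uC", "dee@example.com": "00uD"}
SAMPLE_GROUP = {"00uA", "00uC"}  # current members of the AWS access group

if __name__ == "__main__":
    add, remove, unmatched = plan_changes(SAMPLE_ONCALLS, SAMPLE_GROUP, SAMPLE_DIRECTORY)
    print("add:", add, "remove:", remove, "no Okta match:", unmatched)
```

The `unmatched` list is worth surfacing in the run's output, since an on-call engineer whose PagerDuty email has no Okta match would otherwise silently go without access.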