Inline hook not called after creating a new access policy

When I originally used the default access policy and selected my inline hook (keeping all other defaults), the inline hook was called when my app signed in.

However, I created a custom access policy, with my app selected in the rule. I set the same settings as what I did in the default access policy, but now my inline hook is not being called. (I removed the inline hook option from the default access policy as well.)

Is there more that needs done in order to use a new access policy?

Your inline hook is configured on the access rule, not the access policy, so if you made a new access policy, you will need to make a new access rule under that policy to trigger the inline hook.

Hi Andrea. I apologize, I should have made it more clear. I did actually add an access rule which is associated to my okta app. I then associated the access rule to the access policy and pointed it to my inline hook.

The only difference between the default rule/access policy and the new rule/access policy is the application selected. But I’ve confirmed I’m hitting the correct application.

And I’m guessing you don’t see anything in your system log showing that the hook is being triggered, successfully or otherwise, when a token is requested that should encounter this policy?

Thanks for you response Andrea. Sorry I haven’t responded until now.

You are correct in that I don’t see anything in the okta logs for my app indicating the hook was triggered (or any other log when I use “hook” as the keyword search).

In our dev application which also had the same issue, an admin added a group claim expression that seems to have made it work for the dev application. But I don’t fully understand why that worked. (Or why it was needed)