Okta Workflows OAuth App API scope

I have a question.

My eventual goal with Okta Workflows is to allow the Custom API Action call to Okta for reading admin roles of a group and assigning a target group for an admin role. The admin role is USER_ADMIN and my call to read an admin role of a group is /api/v1/groups/group_id/roles.

I assigned the okta.groups.read, okta.groups.manage, and okta.roles.read Okta API Scopes to the OAuth Workflows app. I also have already re-authorized. My question is, why am I still getting the 403 Forbidden error when trying to read a group? Is there any other combination of scopes that follows the concept of least privilege? Do I need to enable the okta.roles.manage in order to read a group's admin role?

Try authenticating again. Another option is to create a new connection, which usually helps with scope issues.

Also, the 403 scope error usually shows what scope is missing.

Thank you for the reply. Creating a new connection does help the scope issue. Now that I know this, I will define all of the necessary scopes and then create a new connection, as I do not see the scope changing much in the near future.

Great, glad it’s working!