Okta incident

Microsoft Connector Disruption

Major, Resolved

Okta experienced a major incident on June 10, 2024 affecting Workflows, lasting 8d 11h. The incident has been resolved; the full update timeline is below.

Started: Jun 10, 2024, 12:42 PM UTC
Resolved: Jun 19, 2024, 12:05 AM UTC
Duration: 8d 11h
Detected by Pingoru: Jun 10, 2024, 12:42 PM UTC

Affected components

Workflows

Update timeline

  1. resolved Jun 10, 2024, 12:42 PM UTC

    In production cells, from about 5:44 AM Pacific to 9:36 AM Pacific today (June 10th), customers utilizing the Microsoft Teams connector will have seen "(Teams for Okta Workflows) is not configured as a multi-tenant application" errors on their actions/flows. Steps have been taken to resolve this, and the team is confirming the resolution now. Additional root cause information will be available within 5 Business days.

    Affected cells: okta-emea.com:1, okta.com:1, okta.com:2, okta.com:3, okta.com:4, okta.com:6, okta.com:7, okta.com:8, okta.com:9, okta.com:11, okta.com:12, okta.com:14, okta.com:16

  2. resolved Jun 19, 2024, 12:05 AM UTC

    We sincerely apologize for any impact this incident has caused to you, your business, and your customers. At Okta, trust and transparency are our top priorities. Outlined below are the facts regarding this incident. We are committed to implementing improvements to the service to prevent future occurrences of this incident.

    Detection and Impact: On June 10th, at 8:53AM PT, Okta was alerted to a few customers experiencing errors in their Workflows for the Microsoft Teams connector. Users of Okta Workflows in all cells would have experienced errors authenticating, managing, building or executing workflows that used the Microsoft Teams connector cards.

    Root Cause Summary: This issue was a result of an internal security policy enhancement that was applied to the OAuth client apps used by the Microsoft Teams Connector. The policy was too restrictive and resulted in traffic being denied to the affected endpoints, causing an outage for the specific OAuth client app. Due to the on-behalf nature of the authentication, customer-facing Microsoft OAuth client apps were not present in our internal Microsoft Azure staging environment; therefore, this scenario was not caught during testing.

    Remediation Steps: The change was implemented at 5:32AM PT. Immediately upon receiving the support requests at 8:53AM PT, Okta began to diagnose the problem. The issue was identified at 9:36AM PT and the application configuration change was reverted at that time. Okta confirmed at 9:43AM PT that the errors were no longer being observed. For customers who may have tried to reauthenticate during the impacted timeframe, they may have needed to reauthenticate again after the restoration had taken place.

    Preventative Actions: Okta has already implemented an immediate change control process and is reviewing a number of opportunities to enhance our monitoring capabilities in these areas to prevent this issue from recurring. Okta has also added monitoring to rapidly detect this category of error.

    Duration (# of minutes): 244