.. configure-workflow-connections.rst .. _configure-workflow-connect: ===================================== Configuring Workflow Connections ===================================== In this step you will authorize and configure the **Create shipment** workflow connections. .. _connection-authorize: Generating an Authorization Token ==================================== When you add a Yubico card to a flow the first time you are prompted to authorize the connection. This requires an API token for your organization, generated in the YubiEnterprise Console. Once you have configured the connection and saved the API token, you can reuse it for other YubiEnterprise-related actions. To generate the token if not already done, see `Generating API Tokens `_ Creating Connection from Okta Org ====================================== Do the following to create the connection from the *Okta org*: 1. In the **Okta Admin** console, open **Workflows** and click **Connections** > **New Connection**. 2. Locate and select the **Okta** connector icon. 3. Add a display name for the connection in the **Name** field, and provide a description. .. image:: graphics/okta-connector.png :width: 400 4. Enter the **Client ID** and **Client Secret** values provided in Okta Workflows OAuth. 5. In the **Domain** field, enter your Okta org domain without ``https://``, for example, company.okta.com. If your org uses a custom domain, enter the custom domain. 6. Click **Create**. Creating Connection from Yubico Org ======================================== Do the following to create a connection from the *Yubico org*: 1. If not already done, generate an API token as described in :ref:`connection-authorize`. Save the API token in a location from where you can easily copy and paste it. 2. In the **Okta Admin** console, open **Workflows** and click **Connections** > **New Connection**. 3. Locate and select the **Yubico** connector icon. 4. Provide a display name for the connection in the **Connection Nickname** field, paste the previously generated API token into the **API Secret** field. .. image:: graphics/Admin21.png :width: 400 5. Click **Create**. Updating the Create Shipment - Group Add Flow ================================================ If requesting a pre-registered YubiKey via the :ref:`Group Add ` flow, you will need to add customization and product IDs to the Create shipment - Group Add flow as described in the following: 1. In the **Okta Admin** console, open **Workflows**, select **Flows** and open the **Create shipment trigger - Group add** workflow. .. image:: graphics/okta-group-add-trigger.png :width: 800 2. In the **Create shipment** page, open the dropdown menu on the **Edit Conditions** card. .. image:: graphics/edit-conditions.png :width: 800 3. Update the fields as described below using input values provided by Yubico during onboarding of your organization. Note that in this example, the ``product_id`` is "1" for key model *YubiKey 5 NFC* and "29" for key model *YubiKey 5C NFC*. For more information, see LINK. a. **If product_id** (for *YubiKey 5 NFC*): Your Customization ID. b. **If inventory_product_id**: Your Subscription ID. c. **Else if product_id** (for *YubiKey 5C NFC*): Your Customization ID. d. **Else if inventory_product_id**: Your Subscription ID. .. image:: graphics/cid-config3.png :width: 800 4. Click **Save**.