Can Okta Workflows control application access using solely API tokens?

Okta Workflows are primarily designed to manage user access to applications and resources based on various events and conditions. While API tokens can be an important part of integration and automation, Okta Workflows themselves do not control access solely through API tokens. The primary basis for managing access in Okta revolves around user permissions and attributes, which can be configured in the admin dashboard.

User permissions dictate who has access to what resources within a given application. This ensures that the access is tied to the identity and role of the user rather than just a token. API tokens can facilitate communication between Okta and other systems, but they are not a standalone solution for access management within Okta workflows. Thus, relying solely on API tokens would not provide the necessary security and identity management that Okta is designed to enforce through user permissions.