DEV Community

Max Katz for Okta Workflows

Posted on • Originally published at maxkatz.net on

Workflows Tips #12: Deprovisioning via Slack, Conditional Processing, Updating Last Login, and a Keyboard Shortcut

Welcome to another Okta Workflows Tips post. Read all other tips.

In this post:

  • Using Okta Workflows to automate user deprovisioning via Slack
  • Verify outcome prior to processing Okta user actions
  • Updating a custom attribute with last login from Okta dashboard or from an SP-initiated login (using SSO)
  • And some (cool) keyboard and mouse shortcuts!

Using Okta Workflows to Automate User Deprovisioning via Slack

This tip is from Pete Viri. Pete is an Okta Certified Professional, with over of 10 years of IT experience currently working as a Systems Engineer at Airtable. Pete also hangs out at MacAdmins Slack #okta-workflows channel.

This tip is a link to a great guide on how to use Okta Workflows to automate user deprovisioning via Slack.

Start user off-boarding

Start user off-boarding

User off-boarding actions

User off-boarding actions

Slack apps are a great way to integrate a variety of SaaS applications into its platform. Okta Workflows is no exceptionand works particularly well since it supports webhook triggers via its API Endpoint trigger card. We can setup flows using this to help automate the user lifecycle deprovisioning process to fill in the gaps that SCIM or other offboarding automations may not cover.

https://paper.dropbox.com/doc/Using-Okta-Workflows-to-Automate-User-Deprovisioning-via-Slack–BdYQuHOg~4bfyKjpC~xXuiGfAg-orNKxky5yAdc7f2dNu5Dr

Continue reading Pete’s excellent guide on how to deprovision users via Slack.

Verify outcome prior to processing Okta user actions

This tip is from AJ Ahrens, Workflows Team Lead at Okta.

Okta events (user created, deactivated, activated, etc) trigger on failure or success.

To ensure that a workflow only continues processing on success, add a Branching – Continue If card for the outcome.result (from Event Details in the trigger event) and check its value for SUCCESS. If the condition is true (outcome.result == SUCCESS) only then continue to process the flow. If the condition is false the flow process will stop (end).

Check condition before continuing flow process

Check condition before continuing flow process

Testing if to continue processing the flow

Testing if to continue processing the flow

Updating a custom attribute with last login from Okta dashboard or from a SP-initiated SSO

This tip is from AJ Ahrens, Workflows Team Lead at Okta.

Okta core Last Login attribute only gets updated if a user logs into the dashboard and doesn’t get updated if they login from a 3rd party application like Gmail, Workday and many others. The 3rd party login is also called an SP-initiated SSO (Service Provider initiated SSO). This makes creating a deactivation process difficult when the last login field is not providing all of the information.

You can build a workflow to update a custom attribute based on events retrieved from Okta’s system log. The published field is when the action (either logging into Okta dashboard or app sign on) happened.

And some (cool) keyboard and mouse shortcuts!

This tip is from Gabriel Sroka, Okta expert and developer of the rockstar Chrome extension. Gabriel also hangs out in the MacAdmins #okta-workflows Slack community.

You can use Ctrl+S (Windows) and Command+S keyboard shortcuts to save a flow.

And, and one more. Click a mapping variable (like Display Name ) and its connection line will stay on. Click another variable and the connection line will turn off. Something cool you can definitely use for taking screenshots 📸.

A workflows with connections line on

A workflows with connections line on

Two resources to help you learn more:

📌 Try this step-by-step getting started tutorial: Build Your First Automation With Okta Workflows: Notify When User Is Suspended.

📌 All the Workflows resources (docs, tutorial, office hours, templates, office hours and more)

Top comments (0)