Welcome to another Okta Workflows Tips post. Read all other tips.
In this post:
- Using Okta Workflows to automate user deprovisioning via Slack
- Verify outcome prior to processing Okta user actions
- Updating a custom attribute with last login from Okta dashboard or from an SP-initiated login (using SSO)
- And some (cool) keyboard and mouse shortcuts!
Using Okta Workflows to Automate User Deprovisioning via Slack
This tip is from Pete Viri. Pete is an Okta Certified Professional, with over of 10 years of IT experience currently working as a Systems Engineer at Airtable. Pete also hangs out at MacAdmins Slack #okta-workflows channel.
This tip is a link to a great guide on how to use Okta Workflows to automate user deprovisioning via Slack.
Slack apps are a great way to integrate a variety of SaaS applications into its platform. Okta Workflows is no exceptionand works particularly well since it supports webhook triggers via its API Endpoint trigger card. We can setup flows using this to help automate the user lifecycle deprovisioning process to fill in the gaps that SCIM or other offboarding automations may not cover.
https://paper.dropbox.com/doc/Using-Okta-Workflows-to-Automate-User-Deprovisioning-via-Slack–BdYQuHOg~4bfyKjpC~xXuiGfAg-orNKxky5yAdc7f2dNu5Dr
Continue reading Pete’s excellent guide on how to deprovision users via Slack.
Verify outcome prior to processing Okta user actions
This tip is from AJ Ahrens, Workflows Team Lead at Okta.
Okta events (user created, deactivated, activated, etc) trigger on failure or success.
To ensure that a workflow only continues processing on success, add a Branching – Continue If card for the outcome.result (from Event Details in the trigger event) and check its value for SUCCESS. If the condition is true (outcome.result == SUCCESS) only then continue to process the flow. If the condition is false the flow process will stop (end).
Updating a custom attribute with last login from Okta dashboard or from a SP-initiated SSO
This tip is from AJ Ahrens, Workflows Team Lead at Okta.
Okta core Last Login attribute only gets updated if a user logs into the dashboard and doesn’t get updated if they login from a 3rd party application like Gmail, Workday and many others. The 3rd party login is also called an SP-initiated SSO (Service Provider initiated SSO). This makes creating a deactivation process difficult when the last login field is not providing all of the information.
You can build a workflow to update a custom attribute based on events retrieved from Okta’s system log. The published field is when the action (either logging into Okta dashboard or app sign on) happened.
And some (cool) keyboard and mouse shortcuts!
This tip is from Gabriel Sroka, Okta expert and developer of the rockstar Chrome extension. Gabriel also hangs out in the MacAdmins #okta-workflows Slack community.
You can use Ctrl+S (Windows) and Command+S keyboard shortcuts to save a flow.
And, and one more. Click a mapping variable (like Display Name ) and its connection line will stay on. Click another variable and the connection line will turn off. Something cool you can definitely use for taking screenshots 📸.
Two resources to help you learn more:
📌 Try this step-by-step getting started tutorial: Build Your First Automation With Okta Workflows: Notify When User Is Suspended.
📌 All the Workflows resources (docs, tutorial, office hours, templates, office hours and more)
Top comments (0)