Okta Workflows How-To: Determine User Sign-In Location

Okta Workflows is a no-code platform for automating identity processes. 

This blog post is based on a question asked during office hours or the #okta-workflows channel in MacAdmins Slack: How to determine user sign-in location information? 

This how-to is based on WorkflowsTip #8, from Ashwin Ramnarayanan, Solutions Engineer at Okta.

Determining location

When you use the Okta – User Sign In Attempt event card, the event has information about the user’s geolocation. 

workflows howto user geolocation2Using User Sign In Attempt event card

The Event Details JSON section has information that also includes the geolocation information. 

To retrieve the location information, use the Get Multiple card with the client.geographicalContext path. 

For example, if a user signs in from San Diego, the JSON might look like this: 

  "city": "San Diego",
  "state": "California",
  "country": "United States",
  "postalCode": "92014",
  "geolocation": {
    "lat": 32.7157,
    "lon": -117.1610

The other path in the Get Multiple card, the client.outcome, holds information on whether the sign-in was successful or not. 

JSOM from a failed sign-in:

  "result": "FAILURE",

JSON from a successful sign-in:


Next, you are going to see how to build a flow that sends a notification when a user signs in from a particular country. 

Sending a sign-in notification

In this section, you are going to update the flow to get a notification when a sign-in happens from a specific country. 

When a user signs in from a country in the Workflows table (shown below), you want to get notified. 

workflows howto user geolocation country tableCountry table

The flow looks like this: 

workflows howto user geolocation flow finalA flow to notify when a sign-in happens from a country

The flow has the following cards: 

  1. The User Sign In Attempt event cards fires when a user attempts a sign-in
  2. The Get Multiple card retrieves country and sign-in outcome information. The card is updated to retrieve the country name and sign-in outcome directly (in the first section, you retrieved the JSON). Paths to retrieve the exact values: 
    • client.geographicalContext.country
    • outcome.result
  3. The Search Rows card searches if a country from which a sign-in happened matches a country listed in the tableworkflows howto user geolocation search rows condition
  4. The first Continue If card checks if a country was matched. If yes, the flow continues
  5. The second Continue If cards checks if a sign-in was successful. If yes, the flow continues
  6. The Compose card creates a message with sign-in information. You can send the message to Slack, email, or SMS

What you learned

You learned how to determine sign-in location information. You also learned how to build a flow that allows sending a notification when a sign-in happens from a particular country.

More resources