Okta Workflows How-To: Determine User Sign-In Location
Okta Workflows is a no-code platform for automating identity processes.
This blog post is based on a question asked during office hours or the #okta-workflows channel in MacAdmins Slack: How to determine user sign-in location information?
This how-to is based on WorkflowsTip #8, from Ashwin Ramnarayanan, Solutions Engineer at Okta.
Determining location
When you use the Okta – User Sign In Attempt event card, the event has information about the user’s geolocation.
Using User Sign In Attempt event card
The Event Details JSON section has information that also includes the geolocation information.
To retrieve the location information, use the Get Multiple card with the client.geographicalContext path.
For example, if a user signs in from San Diego, the JSON might look like this:
{ "city": "San Diego", "state": "California", "country": "United States", "postalCode": "92014", "geolocation": { "lat": 32.7157, "lon": -117.1610 } }
The other path in the Get Multiple card, the client.outcome, holds information on whether the sign-in was successful or not.
JSOM from a failed sign-in:
{ "result": "FAILURE", "reason": "INVALID_CREDENTIALS" }
JSON from a successful sign-in:
{"result":"SUCCESS"}Next, you are going to see how to build a flow that sends a notification when a user signs in from a particular country.
Sending a sign-in notification
In this section, you are going to update the flow to get a notification when a sign-in happens from a specific country.
When a user signs in from a country in the Workflows table (shown below), you want to get notified.
Country table
The flow looks like this:
A flow to notify when a sign-in happens from a country
The flow has the following cards:
- The User Sign In Attempt event cards fires when a user attempts a sign-in
- The Get Multiple card retrieves country and sign-in outcome information. The card is updated to retrieve the country name and sign-in outcome directly (in the first section, you retrieved the JSON). Paths to retrieve the exact values:
- client.geographicalContext.country
- outcome.result
- The Search Rows card searches if a country from which a sign-in happened matches a country listed in the table
- The first Continue If card checks if a country was matched. If yes, the flow continues
- The second Continue If cards checks if a sign-in was successful. If yes, the flow continues
- The Compose card creates a message with sign-in information. You can send the message to Slack, email, or SMS
What you learned
You learned how to determine sign-in location information. You also learned how to build a flow that allows sending a notification when a sign-in happens from a particular country.
More resources
- 🍫 Get help from Workflows specialists during weekly community office hours.
- 📺 Learn from Workflows videos.
- 🛟 Get help from support: discuss a Workflows topic or ask a question.
- 🙋🏻♀️ Join the #okta-workflows channel on MacAdmins Slack to learn and get help from the community.
Follow Max Katz
