Okta Workflows Tutorial: Notify When a User Is Suspended
Okta Workflows is a no-code platform for automating identity processes.
Introduction
This step-by-step tutorial will show you how to build a no-code workflow that sends a notification when a user is suspended in Okta.
You will learn the following:
- How to build your first flow
- How to trigger a flow when a user is suspended
- How to send an email when a user is suspended
- How to test individual cards and the flow
The flow you will build looks like this:
Send email notification when a user is suspended
Before you begin
To complete this tutorial, you need to have access to Workflows. Check if you can access Workflows by going to Okta organization > Admin > Workflows > Workflows console.
Workflows console
If you don’t have Workflows in your organization, please reach out to your Customer Support Manager to enable the Workflows Starter plan (I know, this sucks). Or, reach out to me, and I will help you 🙌.
What is Okta Workflows?
Okta Workflows is a no-code platform that allows you to build automations to help with identity processes. For example, you can build the following workflows without asking IT or developers for help:
- Reset password, and end user sessions when suspicious activity is detected
- Give or remove user access to applications
- Send notifications (Slack, email, and others) when a user is activated or suspended (this tutorial)
- Create basic reports
This is a short list of what is possible.
Creating a new flow
To start, you are going to create a new flow:
- In the Workflows console, click Flows
- Click + New Flow to create a new flow
- Click Unnamed (upper left corner)
- For name, enter User Suspended Notification
- It is also a good idea to enter a description This flow will send a notification when a user is suspended
- Also check the Save all data that passes through the Flow? checkbox. You will be using this capability at the end of this tutorial
- Click Save to save flow name and description
You created your first flow!
New flow
In the next section, you will learn how to invoke a flow when a user is suspended.
Using the User Suspended event to trigger the flow
You want to run the flow when a user is suspended. Look at the image above, in the first box it says When this happens. The this — is when a user is suspended.
To add a trigger event for this flow:
- Click Add event
- Select Okta from the apps list
- In the Okta events menu, look for and select User Suspended
- If this is your first flow then you also need to create a connection to Okta. Click +New Connection
- If you already have a connection, you can use it
- Set the Connection Nickname field name to Okta
- For the Domain field enter your domain name without the http://
- Open the Admin Console in a new browser tab and go to Applications > Applications
- Select Okta Workflows OAuth
- Click on Sign On tab
- Copy the Client ID, return to Workflows console and paste it into the Client ID field in the New Connection window
- Copy the Client secret and paste it into the Client Secret field in the New Connection window
- Click Create to authenticate and add a connection
Your flow will look like this:
Flow with the User Suspended event
Workflows will monitor for this event (user suspended), and when a user is suspended in an organization, this flow will be invoked.
The output fields that you see in the User Suspended card, that’s the information that the card makes available (when the event is fired). You can use any of the fields in other flow steps.
In the next section, you will create a message to be shared via email.
Creating a message
To create a message, you are going to use the Compose card.
In the previous section, you learned about how an event can invoke a flow. Other flow components are app actions and functions.
- App action - a step that controls services such as Gmail, Slack, Jira, and others
- Function - a step to interact with, change, or control the data in a flow
To add the Compose card:
- Click Add function
- From the Most Popular category choose Compose
- In the Compose card type the following:
Hello,
User with the following username was suspended:
- Drag and drop Okta User > Alternate ID from User Suspended card and place it after the suspended word
Connecting and passing data from card to card
- Click Save to save the flow
Your flow will look like this:
Connecting cards
Testing the Compose card
One neat feature in Workflows is the ability to test a card individually.
Using the Compose card, click the play ▶️ button at the bottom of the card. You will need to enter sample data for the second field and then click Test to see the card output.
Testing a card
It’s good practice to test each card individually as you build a flow.
In the next section, you will add a card to send an email notification.
Sending email notification
In this step, you will add the Gmail card to send an email.
Using the Gmail card
Steps to add the Gmail card:
- Click Add app action
- Find the Gmail app
- Find and click on Send Email action
- If this is your first time using the Gmail card, click + New Connection and follow the steps to authenticate your Gmail account. You need access to a Google Workspace account to use this card (not a personal Gmail). The card looks like this when added:
- Next, you need to set fields on the Send Email card. For the Email field, enter your email (or any other email that you can check)
- For the Subject field, enter User suspended
- For the Body field, drag and drop the output field from Compose card to Body field in Send Email card
- All other fields are optional
- Click Save to save the flow
Connecting from Compose to Send Email card looks like this:
Send Email card
Testing the Send Email card
To test the Send Email card:
- Click the play ▶️ button
- The To and Body will be pre-filled with data from the card. Enter sample Body field and click Test
- Check the email you entered in the To field
Testing the Send Email card
You can use another email provider if you don’t have access to Google Workspace.
Using the Office 365 Mail card
This section is optional. If you don’t have access to Google Workspace Gmail you can use Office 365 Mail card.
- Click Add app action
- Find and click on Office 365 Mail app
- Find and click on Send Email action
- If this is your first time using the Office 365 card, click + New Connection and follow the steps to authenticate your Office 365 account
- Fill out card fields as shown in the screenshot below
Using the Office 365 Mail card
In the next section, you will learn how to test the entire flow.
Testing the flow
You are ready to test the flow.
- Click Save to save any changes
- The flow needs to be on to run. Slide the on/off slider to turn the flow on
To see a flow execution, go to Flow History tab. It is empty now, but this is where you will see the flow running once a user is suspended:
Flow History tab
Note: if you see Execution history is not enabled for this Flow message on Flow History tab, switch back to Flow tab, and click the flow name. Check Save all data that passes through the Flow? to enable flow history.
To test the flow, you need a user in your organization whom you can suspend.
- In another browser tab, go to Okta organization > Admin > Directory > People
- Click Add person to add a new person. You can also use an existing person. Fill out the required fields and click Save. Here is an example of the People page:
- To suspend a user click their name
- Choose More Actions > Suspend to suspend the selected user
Switch to Workflows browser tab, open the Flow History tab. You will see one flow execution:
If you select another user to suspend, another flow execution will be added (you can see each execution on the right hand side)
Second flow execution
Looking closer at the Flow History tab, you see how data is passed from card to card. When you build more advanced flows, use the Flow History tab to monitor execution and see what data is passed between cards.
Flow execution with data mappings
This is how the email looks:
User suspended email
One last thing. To see the flow at a high level, go to the Flow Chart tab:
Flow chart
What you learned
In this tutorial, you built a no-code workflow invoked when a user is suspended and sends an email. You learned:
- How to build your a flow
- How to trigger a flow based on event (user suspended)
- How to send an email when a user is suspended
- How to test an individual card and the flow
More resources to help you learn
- 🍫 Get help from Workflows specialists during weekly community office hours.
- 📺 Learn from short Workflows videos.
- 🙋🏻♀️ Join the #okta-workflows channel on MacAdmins Slack to learn and get help from the community.