Looking for Okta Logos?

You can find all the media assets you need as part of our press room.

Download Media Assets

Oktane19: Eliminate Tedious Tasks with Automations

  • Transcript
  • Details
  • Related Content

Share:

Ankur Datta: My name is Ankur Datta. I am a Senior Product Manager at Okta. I manage a couple of different products. One is the hooks platform. We made an announcement about that yesterday. Besides that, I also look after a few lifecycle management related features such as automations, Group rules, access request workflow. Today, I'm going to talk about how to eliminate tedious tasks with automations and Event Hooks, so that you guys can save time, enjoy longer lunches, et cetera. With me, my co-presenter is Nikki. So, Nikki is representing one of Okta's partners Optiv.

Ankur Datta: Partners play a very crucial role in Okta's journey because they help us unlock a number of very critical, very unique use cases. They also have a wealth of knowledge about the security use cases across different customers, so we learn a lot from them and that's how we are able to also improve our products.

Ankur Datta: Before I proceed, just want to make sure you guys are aware of this. So, I'm going to draw a roadmap for a couple of products, so there will be some forward-looking statements, and I would be happy to take more questions about the roadmap towards the end. Awesome. So, let's get started.

Ankur Datta: This is actually my second Oktane, and I've learned a lot in the last one year after joining Okta. I learned a lot from my interactions with all of you, all my customers. I heard things such as, “Hey, Okta is so easy to use. There's a simple user interface. It's trustworthy,” and so on. But, there was also a set of statements which reoccurred during these conversations. So, folks mentioned that, “Oh, I want more flexibility while I'm using Okta. I want to do a better job of integrating Okta with my other systems.” Or in general like, “I want to stay on top of events occurring in Okta and respond to them quickly.”

Ankur Datta: So, we came across certain comments such as people, if they're using Okta as a security product, they'll be like, “Oh, I want to respond to certain security incidents immediately when they occur because I want to prevent the downstream threat of the risks that might be out there.” Or if there are folks who are using Okta's lifecycle management products, they would like to stay on top of maintaining their list of users. So, if there are inactive users, they want to disable them immediately so that there are no issues of past employees getting access to existing apps and so on.

Ankur Datta: As I mentioned, in general, people wanted to have a better story when they use Okta and integrate with their downstream systems. So, keeping these things in mind, for the last one year, my team and I, we have been working on couple of brand new products, and I'm happy to introduce these to you guys today. They are called Automations and Event Hooks. Both have the same objective. They want to make incident response stress-free, less tedious and more automated. So, what are Automations and Event Hooks?

Ankur Datta: You can think of Automations as this very simple point and click tool. So, from our different conversations, we came to know about these very recurring use cases, so we decided that, "Okay, let's forward a UI using which one can configure these canned recipes, keep track of events, when those events occur, perform some actions." On the other hand, Event Hooks is also kind of having the similar objectives, but then it provides the UI and an API, and it's basically Okta's Webhooks offering. So, when an event occurs, you can register for that event, send an HGV post, and then you can use that event information to trigger a number of different downstream workflows.

Ankur Datta: A key difference between both these products is that Automations is mainly targeted towards our IT admin folks who prefer not writing code, and they prefer you having a very simple point and click tool. Whereas Event Hooks is for our IT admins and their teams who are comfortable writing a little bit of code and doing these last-mile customizations when they use Okta.

Ankur Datta: Now, I'll start talking about Automations first, then talk about Event Hooks. Then, we'll also hear a little more from Nikki about how these products might benefit the use cases, and the different customers she has come across from her wealth of experience. So, talking about Automations, so let's take an example from lifecycle management. As different organizations grow, they come across a lot of different types of users, so they can be employees, contingent workers, interns, et cetera. They can be external suppliers or partners who are also getting temporary access to your app. Managing the lifecycle of these users can become even more painful and complex as the different types of users grow, as the number of apps that the organization is providing, those grow. In general, as there are more stakeholders in that whole picture, things become a lot more complicated.

Ankur Datta: Now, at Okta, we try our best to address a number of these use cases with very simple, out-of-the-box tools. We try to make onboarding, off boarding of users simple. We create easy configurations so that you don't have to write code to manage these use cases. But at the same time, there are certain limitations where ... There are situations where, let's say, it's tough to extend the existing workflows in Okta. Or some of the current workflows who not really designed to address some of these last-mile use cases, which might be occurring outside Okta. Or we might not even provide tools for some of those things in the existing out-of-the-box tools.

Ankur Datta: So, keeping these things in mind, we came up with the Automations framework. It's a very simple framework. Here's a screenshot of one of the example use cases. In the left panel, one has to configure all the 'If' conditions. So, in this case, let's say I'm checking for user inactivity for 30 days. So, if users are inactive for 30 days belonging to a certain group, then check for these users on a recurring basis. And then, if all these conditions are true, then one can perform certain actions, for example, updating the life cycle state of the users to something like suspended and so on.

Ankur Datta: So, it's a very simple 'If-then' kind of a framework. So, when we started working on Automations last year, we wanted to prioritize a number of different use cases, so we started working on scenarios which allow our IT admin teams to do a better job in managing the contractor's life cycle, or sending reminder notifications when, let's say, their employee's password is about to expire. We also started working on a couple of other use cases such as ... We facilitate the dietary clean-up and maintenance, flexible mastering, and security incident response.

Ankur Datta: In the next few slides, I'll quickly show you guys how some of these use cases can be addressed using this new Automations framework. So, let's talk about the first use case. So, for example, in your organization you have this short term project going on. A bunch of contractors or contingent workers are hired, and you want to check their inactivity. So, all you have to do in Automations is, first, list the Okta group, so we'll check for these conditions only for you ... to that group. Next thing is you can actually set up a recurring schedule, you can change the time zone depending on when and how you want this automation to run.

Ankur Datta: Finally, you can also customize the user and activity condition. In this example, you change it for 30 days, you can change it to 60, 90, and so on. And when these conditions are true, in this example, I'm performing one action where I'm changing the lifecycle state of the user to suspended. I can add more actions, such as sending an email to these users that, "Hey, looks like you have been inactive for X days, and you'll get logged out." The cool thing is like you can actually customize these email templates in a very similar fashion, how you customize other Okta email templates.

Ankur Datta: On the same lines, there are other use cases we are enabling. So we have another condition that we are supporting, where you can check if the user who's password is set up in Okta is going to expire in X number of days. You can create actually multiple automation, so let's say you want to give a reminder to users that, “Hey, your password is about to expire in seven days.” So you can have a different email template for that. You can have another automation which checks if the user's password is going to expire in like three days or one day and send them a more stricter warning. Then potentially also send an email to other folks in their organization.

Ankur Datta: Few other use cases we are keeping in mind are related to let's say partner accounts. So when we onboard partners onto Okta, we have a certain life cycle state for them. Now if let's assume partner accounts are in the pending state for seven days, so instead of doing a manual cleanup and checking for these using ad hoc scripts and all, you can simply select the life cycle state of these group of users and say that, okay, if they are pending for seven days, then perform this action and change the life cycle state to suspended. We are also actually going to support more lifecycle states such as changing the state to deactivated or deleted and so on.

Ankur Datta: One other use case that we came across was relative to doing scheduled suspension. So let's say ... There was this use case where we were working with a nonprofit agency, and they hired a number of volunteers for Hurricane Harvey related support. Now, these users were given access to certain applications for a period of, I think, 180 days or so on. Now, since all the users had the same contract ended, our customer wanted to do like a one time ball clean up. So now with automation, all they have to do is set up the user group for these contractors and set up a different scheduling conditions. Instead of doing a recurring check, they can run this automation just once or a particular timestamp. In this case, let's say the contract ended for all these users is December 31st 2019, 11:59 PM. So when that timestamp occurs, then one can perform an action and update to suspended for all these users.

Ankur Datta: Now besides these Lifecycle Management type use cases, we are also looking at a number of other scenarios across Okta. So very soon we'll run a beta program where you'll also be able to check for one of events where let's say a user reported suspicious activity. Now, when this condition is true, as an IT admin, you can perform a number of different actions such as notify other admins in your organization. If you reset the password of these of this particular user, expired the session, suspend all devices, and so on.

Ankur Datta: So in terms of the roadmap, so we made the first few use cases of automations available in EA a couple months ago. Some of you are actually using it and we have gotten like really good feedback. So as of today, you can suspend users based on inactivity, you can remind users based on their expiring passwords, and you can perform actions such as notifying them or updating their life cycle state. But then we just got started. So we are enabling other use cases. So in a few months, in some time in Q2, you'll also be able to clean up stale registrations, deactivate, reactivate users based on customer attributes. This is actually very useful for users who use our input flow products.

Ankur Datta: As I mentioned in the previous slide, that will also run a beta program where you can detect suspicious activity and perform downstream actions. Apart from this, we are also trying to figure out how we can empower you guys with more actions in the automations framework. So we're looking at things like when conditions are true, also make a group membership change. So you can add the user too in your group, remove them, or just change their membership altogether. You can update user attributes and that's another thing we're looking at. With the recent acquisition of Azuqua, we're trying to explore that, how we can actually leverage the set of connectors and providing support for more third party actions and in general, like, make the whole framework lot more powerful.

Ankur Datta: Since we announced Hooks yesterday, we're also trying to look at use cases where you can also execute certain inline hooks when certain conditions are true. Or when an automation surrounds you can keep track of that event, and then also you subscribe to that event and then perform downstream actions.

Ankur Datta: Great. As I mentioned that we are also looking at use cases besides Lifecycle Management. So when we ran the beta program for automations last year, we got some really, really good feedback. So these are like some of the things we are actively exploring. You'll hear more announcements from us in the next few months, but I just wanted to quickly highlight some of these use cases, because I know they'll resonate with some of you in the audience. So one classic use case was that customers wanted to check that are there other group of users who are making a number of unsuccessful login attempts. They want to set a threshold that if these number of attempts cross, let's say, five in the last 24 hours, then they wanted to take some actions such as reset their Okta password, email the user, inform the admin so on.

Ankur Datta: There was another variant of the schedule suspension use case where customers had the scenario where they had a constant stream of different groups of contingent workers joining over the course of different days. So instead of setting a single contract and date for all these users, they wanted to set different contract and dates for them. So we want to support this use case by checking for the number of users whose contract end date is today and if that is true, then bulk suspend them.

Ankur Datta: We are also looking at other use cases such as cleaning up users who have been in an unverified state for an X number of days, lot of admin productivity use cases where, let's say if you have a pending task in Okta for X number of days, and no one is picking that up. So you can configure an automation and remind the other admins to help with that pending task. Or other use cases where we are trying to cut down on the number of end users support tickets. So for example, certain users were imported, one of the attributes was not properly filled up. Or let's say even after the user got onboarded, they for some reason did not set up the MFA. So you can check for these empty attributes and then send a reminder to users or actually make that change by yourself using the automation framework.

Ankur Datta: So you can start using automation today. As I mentioned, the two use cases on disabling inactive users and reminding users about expiring passwords that are already available in here. It's pretty easy to actually enable these features, you won't have to contact someone in support, et cetera. You simply need to go to early access features and features manager. You can access it by going to the settings, menu item, click on features, and you'll see a list of features which are available in early access. Just enable the check box next to Automations and you're all set.

Ankur Datta: Cool. So the next thing I want to talk about are Event Hooks. So as a reminder, automation is targeted towards folks who are interested in note writing code and prefer using a point and click tool, whereas Event Hooks are for other users who are comfortable writing a little bit of code and they have a number of other use cases where they want to do lot more customization they need a lot more flexibility.

Ankur Datta: So let's see what Event hooks are. So the main idea is that when an event occurs in Okta, a system log event, so we will push that event to your external servers. And you can write a little bit of custom code and then perform downstream actions. So a good example would be, lets say, I'm an IT admin at Okta, for example, and I've a new user who join this group called Okta executors. When I add this user to this new group Okta publishers and user added to this particular group, and we have all the information, like what's the users ID, their group name, et cetera. Now, I can subscribe to this event, I can use the event hooks API under underlying service to send this event to my system. When I receive this event, I can then create these custom integrations where I can automatically add this user to a private slack channel of all the Okta executives.

Ankur Datta: Because like, it's just a one time setup, so in the future as more and more users get added to this group called Okta executives, you won't have to, again, manually add them to this private slack channel, this will be automated.

Ankur Datta: So we're looking at a number of other similar use cases, where again, like the main idea is that you register for the event, we send an HTTP host, you write some custom code. So for instance, if a user is removed from a particular group membership, you can do this custom integration to send an email to the group admin. If an input job fail Okta's publishing an event, you can use that information to create a ServiceNow ticket. If a brand new user registers enter into your new portal, you can create a major marketing campaign for instance. Or if you're using Okta's mobility management products, and if you come across this event, various user's device certificate, you can add this device information to your list of blacklisted devices.

Ankur Datta: These are just some examples, we'll go to EA with Event Hooks sometime later in April around the third week. In the first iteration, we are going to white list the following events across these different categories. So you should be able to track these different user lifecycle events such as user got created, activated, deactivated, deleted. Various user Okta events, has a new user logged in, is the user's password being researched or updated. A number of app events, was a user assigned to a particular app, removed from that app, was that app password changed.

Ankur Datta: I talked about a couple of group membership events already, and we're also looking at a number of other events across Okta too. So for instance, if you're an admin, and you want to know that it's someone updating your password policy, so I'm just going to publish the policy updated event, and you can track that event and then notify your private slack channel of other admins and inform them that, “Hey, you know, someone made this change? Is that okay or not?”

Ankur Datta: I want to talk a little bit about how Event Hooks work. So, as I mentioned, it's Okta's Webhooks offering. So we are falling now have a number of very standard best practices that most Webhooks products in the industry follow. So delivering these events using HTTP, we're doing a push instead of pull. So in the past, you might be using Okta's system log API is to constantly pull for events and then you perform actions, well you won't have to do this polling anymore. So we just put the event to you, and you should be all set. We're also doing a best effort delivery, which means that we're not going to send these events in a particular strict order right now. So when this event occurs, we'll make our best to send it to your external service.

Ankur Datta: We're also putting extra emphasis on making sure that these events are delivered in a secure manner. So a little bit about the security aspect. So, there are three things we are trying to keep in mind to ensure our event hooks are delivered in a secure manner. So number one thing is that when one configures a new event of ... We want to make sure that you verify that you own the endpoint at conflict time. So, the benefit of this is that, we want to prevent certain scenarios where someone else who has access to this or who has knowledge of this endpoint, makes this flood of unnecessary verbals requests.

Ankur Datta: So, this approach of verification is actually is going to be available when we go to EA with Event hooks in a few weeks. We're also trying to ensure security from two other standpoints. So one is that post EA, we will also try to make sure that Okta signs these requests when they send it to you, so that you can actually trust and ensure that okay, it's a Okta who's sending the sign in to me, not some other servers. The other thing we also want to do is on the health checking front where over a period of time, you want to make sure that the consumer or the same endpoint is actually the same, still the same consumer. If something changes we'll have this set of functionality where you can get notified, and you can then do adequate maintenance of these endpoints.

Ankur Datta: So again, like Event Hooks is also very easy to enable when it goes to EA on April 17th. No need to contact Okta support or anything, you just go to, settings features, you'll see the list of available features in our future success manager and just enable the check box next to Event Hooks.

Ankur Datta: Great. So that was pretty much what I had to cover about Event Hooks. I'll be happy to go through more questions during the Q&A part towards the end and I have a couple of other announcements, but before that I want to hand over to Nikki so that she can talk about The use cases that she has come across, while talking to her customers and how the automation and Event Hooks might benefit those customers. Over to you Nikki.

Nikki Doty: Thanks.

Nikki Doty: Hey, you're still awake. It's after lunch. I'm impressed.

Ankur Datta: I actually forgot to mention something. Sorry about that. Yeah. So we're also going to launch an Event Hooks UI sometime in the May/June time frame. It's pretty much going to make the API, you'll be able to see a list of existing event talks, activity, and so on. Now, over to you.

Nikki Doty: Thanks.

Nikki Doty: Okay. Well, we are here. I don't want to get too far ahead of you. Yeah. You're done with that one.

Ankur Datta: I'll talk about it towards-

Nikki Doty: Talk about it later?

Ankur Datta: Yeah.

Nikki Doty: Okay. I am from Optiv. Here's a little blurb from our website about who we are. But we handle all kinds of security, the breaches, the firewall, so this and that. My job is to implement Okta, I go around the customers who buy Okta and want help implementing it, or they own it, and they want help leveraging and utilizing their investment. So that's what I do, and it's kind of fun.

Nikki Doty: I have lots of different customers and lots of different verticals, and I don't tell my customers that there's an easy button with Okta. I'm here to show you some of the use cases that these additional developments will help you as admins and you in your companies leverage Okta a little bit better.

Nikki Doty: So one of our use cases, I've got a energy company in Southern California. They use Git to create accounts in Okta from AD, they don't want to use full sync. They've got a licensing issue. They're just not comfortable with it. They just want to create a user in Okta, if a user needs Okta. So today, they either have to manually go in and clean up those users that have left the organization or are not in sync or use or whatever, or they just don't clean it up. Then maybe we have a licensing problem, maybe we have an accountability problem. So what we can do with this, and we've actually put it in beta environments, we're just going to start disabling inactive users.

Nikki Doty: If you haven't logged in X number of days, just like the AD policies, we're going to do it in Okta, we're just going to disable it. That's going to get us compliance. It's going to free up our guys to do better things, and it's going to reduce our license costs in that environment. I think it's going to be a really nice value add for them because the manual stuff just, frankly, isn't very fun. It's not easy.

Nikki Doty: So password reset notification. So I have a customer that has AD and Okta mastered accounts. In AD, that whole password expiration thing, you can solve it in a number of ways. You can buy a tool, you can write a power shell script, you can do all kinds of things. It's not part of AD unless you are on the network and can control or delete. But Okta hasn't really had a good way to do this. So this lets us set up an automation to notify our often mastered accounts, our accounts that don't need AD, I think some folks have talked about that earlier. If you don't need to be in AD, just put your account in Okta. So this allows us to send them reset notifications, not only for the Okta master accounts, but for those folks like me, who hardly ever connect to the network. Then they can reset their password prior to an expiring because it always expires when I'm trying to do something for client every single time.

Nikki Doty: So let me know a little bit sooner, my password is expiring, it will help those Okta master, those third party, those folks that aren't on the network know that it's happening. It improves our customer satisfaction and honestly, and I'm guilty, I am guilty. I've called the service desk because I can't get my password reset. So this is going to help us leverage that tool in Okta to self service password reset.

Nikki Doty: Okay, user onboarding. This is a organization in the automotive industry. I think Event Hooks would help them a lot. They have a significant investment in ServiceNow. Their old onboarding process, the form was ... I kid you not this long and everything you could possibly ever want. As a manager, you had to know, you had to know what system you want it and you could tell that this form was written by IT people.

Nikki Doty: It was hard, and every user onboarding was at least seven tickets. So what this is going to allow the organization to do is just notify ServiceNow that we have a new hire, and then leveraging that orchestration and ServiceNow, now they can open up a ticket for a batch, they can open up a ticket for a PC, they can know buy because this particular organization is using Workday as a master. So the data is going from Workday to Okta, and then it goes into ServiceNow. They can know this person's role, do they need a computer? Let's get it for them. Do they need access to the H-drive, the queue drive, the whatever? Let's get it for them. So when the employee shows up, and inevitably, the employee shows up the same day HR puts them in the system, not necessarily two weeks ahead. We can get that in ... we can get them the tools they need, we can get them there provisioning a lot quicker.

Nikki Doty: Then we can reduce our cost to our service desk, by eliminating all of those calls for I can't get into this, I didn't get that piece of software, and the user is just going to be happier. Your new employee is just going to be happier. So I think that one is going to fit in really, really well.

Nikki Doty: Okay, this one's personal. I was an Okta admin for a really long time. I do hear this from a lot of my customers. What's with the tasks? What's with the dashboard? Why do I have to login to find out that so and so didn't create or that O-365 had a licensing problem with Freddie or Susie or whoever I don't want to log in. There's no accountability, which, okay, this might not be all that bad, but then I have no way to show how much effort an IT admin is expending in Okta trying to fix these things that don't get ticketed. So, with Event Hooks, what we will have the availability to do is then if an import fails, if there's somebody sitting on the imports screen needing attention, we don't know if we have five Mike Jones is in the company. There's a Mike Jones sitting there going partial match. Unless you log in, you can't see it.

Nikki Doty: This automation will allow us to open up a ticket and notify someone to go look at it. O-365 licensing errors, if you think about it, if we do it right ... So someone's in the E3 group and E1 group and Microsoft's not is not going to let that happen. They just come back and say, "No." But if we do it right, we can use the automation to notify the right people the first time and say, "Look, you got a guy into groups or fix it based on their role.

Nikki Doty: Somebody manually tried to do something that didn't quite go. So let's get the ticket to the right person. Let's send an email. Let's get it so we don't have to log into the console and then call the right person to fix the problem. So that's going to help us quantify our effort to care and feed our Okta environment. It's going to reduce our service desk calls, because we're going to be able to fix these problems before the users identify them. It's going to free up our resources to do really cool things like make more Event Hooks.

Nikki Doty: And I think that was all I had.

Ankur Datta: Cool.

Nikki Doty: Cool. Thank you.

Ankur Datta: Thank you Nikki. That was super helpful Nikki, it was very insightful too. So couple of things before we go into the Q&A. So we are continuing to make more improvements to our existing features. I didn't get a chance to mentioned in the previous slide. So for instance, for Event Hooks, we plan to add more support for allowing filtering of events, so that instead of receiving events for ... so let's say you subscribe to the event user assigned to an app, and instead of receiving this event for all possible apps, you can add a filter and say that only notify me for a particular app. We're also trying to add more context to the event payloads or provide a facility to transform these payloads so that it's a lot more easier to integrate the downstream systems.

Ankur Datta: Couple of more things about these new features that we talked about just now. So automation is going to be available if you are already using Okta's Lifecycle Management product. Event Hooks will be available in the course queue. So if you're using an Okta product, which generates those events, you should be able to register for them and get notified about these. Once again, a reminder about how to enable these features, go to the early access feature manager, and then enable the chat box next to these features.

Ankur Datta: I wanted to give a big shout out to some of my team members who are actually in the audience right now, engineers, designers, marketers, who spent hours and hours you making sure that we are able to stay on track and make these features available. In order to keep us busy, please provide us more feedback on how we can improve these features. You can also go to our Okta's Ideas board and Okta's Help Center. The link is over there. It's bit.ly/oktaideas. You can post new ideas, upload existing ideas and ... We check that board very regularly, so we'll make sure that the top most forwarded ideas are actually on our roadmap, and so on.

Ankur Datta: If you have any other questions, feel free to reach out to support at okta.com and we'll be happy to have a quick chat with you and understand your use cases a lot better.

Ankur Datta: After the session is over, please read the session and give us feedback on what else you'd like to know about these new features in future customer meetings or in future Oktanes.

Ankur Datta: Finally, I just want to also remind you guys that in the same room at 3:30, there'll be another interesting session from Okta's IT team on some best practices on how they use HR systems and IT. They'll also talk a little bit about some of the automation and an event related use cases. So please make sure to attend that event.

Ankur Datta: Finally, yeah, let's go to questions.

Speaker 3: Wasn't there a slide for ... ?

Ankur Datta: Yeah, actually, there was some snaffled like the things are sequence. So, I was nearly talking about the upcoming enhancements we are working on for Events Hooks like filtering, transformation of events, and adding more context to the event payload.

Nikki Doty: There is question here.

Ankur Datta: Oh, we have a question from here.

Speaker 4: All these features going to be controlled through the API as far as creating the Event Hook or creating an Automation, will you be able to do that through the API and not just through UI? I think maybe you answered that right at the end of the first part of what you were saying, but I just wanted to confirm that.

Ankur Datta: Yeah, so automation is a UI only product, whereas for Event Hooks, so when we launch it on April 17th we'll have the API, but in a couple of months will also provide a UI to mimic the API. So the same operations on creating a new event Hook, verifying the endpoint, viewing the list of existing Event Hooks, that should all be possible, both for using the API and the UI.

Speaker 5: Yeah. Hi. I had question here.

Ankur Datta: Yeah. The lights are likely to blind me.

Speaker 5: That's fine. So the question that I had was, in one of the features where you mentioned that the workflow can suspend accounts. So my question is, is that equally applicable to Okta Master, as well as AD Master accounts?

Ankur Datta: Okay, so today in the existing iteration of Automations, we are only looking at users who were set up in Okta, whose life cycle state is in Okta, for the inactivity based suspension.

Ankur Datta: I'm discussing this use case with our fellow PM, who also looks after the Okta and AD integration. And we're trying to figure out that, is there a way for us to also check the state in AD and or like, perform downstream actions back in AD?

Nikki Doty: We're doing AD mastered user?

Speaker 5: Yeah. So the use is basically, a lot of our users are already mastered?

Ankur Datta: Right, right.

Speaker 5: And there are bunch of accounts that come from AD, which they haven't logged in for, say 90 days-

Ankur Datta: Or more, okay.

Speaker 5: So ideally what we would like to do is put them in a suspended stead because we haven't logged in for an extended period of time. Then when the login then make it active again, that would be the ideal use case. I see.

Ankur Datta: So in that case, like if the user session has been created in Okta, then we should be able to capture whether they are actually logging in through Okta, what was the last login date, whether they're updated in Okta or not. Then based on that we can check the inactivity, but then we'll be making the lifecycle state update only in Okta right now.

Speaker 6: One question. Thanks for the info here.

Speaker 6: So, Event Hooks looks great. Two part question. One is, is there going to be a limitation on the number of hooks that we can deploy? 10 per instance, 20 that you're going to recommend? That's one part. The second part is Okta also has this Okta provisioning agent, which is basically driven or triggered based off of errings that you can sign and then of course, it's a SCIM-based interface, but still there is an extension capability which is there. So between OPA and this, which one ... How do you compare and is there a recommendation around it or a roadmap to say one is going to be duplicated versus other or both will be supported and in which use cases what will happen?

Ankur Datta: Oh, I see. Okay. Okay. So let me answer the first question. So, yes, in the beginning, we'll have some limit for a number of events you can configure per org. And we'll keep a close eye on how often are people hitting that limit. Then in the future, when things look a lot more stable we'll make an effort to actually increase that limit too. I believe today, the limit is 10 Event Hooks per org. 10 Event Hooks configuration per org for each event Hook add a large number of different events or you can have like single events.

Ankur Datta: So regarding your second question, so the objective of Event Hooks is not to replace existing Okta products at all. So, if you're already using Okta's provisioning products ... I hope I've understood the question correctly, otherwise, we can chat in more detail offline. But yeah, the goal is not to replace existing products is just that if you're using an existing product and certain events are already being generated, you can use that for more custom workflow integrations.

Speaker 7: Question regarding the Event Hooks. You cited an example of Event Hooks are notifying when there are issues say you have an import failure, and sort. Are there any plans to leverage Event Hooks, such that they could send a notification through, say, Okta's slack application into an organization slack channel as opposed to the current method which is tied specifically to a user's email address and goes into a user's inbox which is promptly then filtered away and never to be seen again?

Ankur Datta: I see. So to be honest, like there are no immediate plans to support these other notification channels. But then with this recent Azuqua integration, because one can actually enable a slack connector using that too. So we are looking at all these scenarios where how you can more easily keep track of that event. If you already have your own slack configuration in place, you can use Azuqua to configure that slack, send message action and receive notifications. But if you notice the repetitive pattern, then we'll consider providing it more natively out of the box in Okta product itself. Yeah.

Speaker 8: Yeah, hello. My first question is about Automations. So you mentioned that Automations could be triggered run once, or it could be in a scheduled manner. So could there be an option to have it real time?

Ankur Datta: Would there be an option to run it real time?

Speaker 8: Yes. So for example, if somebody gets added to a group, I want to notify immediately through an email address or something else.

Ankur Datta: Okay, yeah. So in one of the last examples that I mentioned, where one can track an event with such as user's account is compromised and then perform actions. So for that use case, we've actually made an effort to support these real time or near real time Automations. So when that event occurs, then we immediately perform those actions. The first use case we are enabling is for that account, compromised event. But then again, like we are looking for feedback from you guys, and if you notice that, you know, you're interested in configuring real time automations for other Okta events, we'll definitely work on enabling those two.

Speaker 8: Okay, and the second question was about the Event Hooks, you mentioned that there would be opposed to an custom HTTP server that we provide. For the Event Hooks we have to provide a custom HTTP Host, or you will do ICP post, and there could be verification and in the GA, there could be signed secrets. So is that going to be incorporated in SDK, or is it something we need to build custom?

Ankur Datta: Okay, so we are also working with our developer experience team to come up with hooks the SDK. So just using that SDK you will be able to configure both in line Hooks, Event Hooks, so that's definitely in the horizon.

Ankur Datta: But for the time being, like, at least like when we go to EA on April 17th, that time, we won't have that SDK available.

Ankur Datta: I will question on that side. No, no, Okay. Let's take that one.

Nikki Doty: Yeah. We just have more time for one more question. So we'll just take this one.

Ankur Datta: We can always chat outside the room after this event. I'll be happy to take more questions there too.

Speaker 9: So I was curious about capturing events that are not necessarily considered failures by Okta. We have certain instances where a user will be captured in a continuous single sign on state. With ...

Ankur Datta: Can you get the mic closer, I can't hear clearly.

Speaker 9: So we have users that can occasionally be captured in a continuous single sign on state where it will just keep redirecting them back to Okta. Would that be something that we can capture with the Hooks or Automations?

Ankur Datta: Sorry, can you repeat what kind of event you're talking about?

Speaker 9: When the user goes to sign on to an application, instead of being directed to the application, the application will send them back to Okta for single sign on, and be stuck in an infinite loop. I was wondering if we would be able to capture something like that.

Ankur Datta: Oh, yes, yeah. So when I went through the list of events that will support ... you're also going to white list, the user login and user session, ended events, too. So once you subscribe to that event, you'll be able to create these custom workflows.

Speaker 9: Okay, thank you.

Nikki Doty: That's it.

Ankur Datta: That's it. Okay. Awesome. Thank you so much for attending. I'll be able to ... I can take more questions outside the room. And you can also get in touch with us through Okta's Ideas Board. Thanks.

Ankur Datta
Senior Product Manager, Lifecycle Automation and Extensibility, Okta
Nikki Doty
Senior Security Consultant, Optiv

Learn about two big new Okta features - Event Hooks and Automations. What are practical use-cases they solve out of the box? Hint: they help manage the lifecycle of contractors, partners and customers, as well as help you respond immediately to Okta events and more!

Share: