Understanding Okta Workflows Events

Okta Workflows is an event-driven platform for automating identity processes. Workflows allows you to trigger a flow when an event occurs in Okta or 3rd party services.

This blog post will teach you about triggering automation when an event occurs.

  1. Use built-in connector events from Okta and other services
  2. Use event hooks (webhooks) for Okta events
  3. Use webhooks for 3rd party services
  4. Search the System Log for events
  5. Okta Workflows resources

Learn about Okta Workflow connectors and connections. Read Understanding Okta Workflows Connectors.

Use built-in connector events from Okta and other services

To trigger a flow when an event happens, click Add event at the start of the flow to see a list of pre-built connectors.

Workflows connectors

Okta Workflows pre-built connectors.

Select a connector to see the events it supports. When you select the Okta connector, you will see the following events (partial list):

Okta connector events

Events the Okta connector supports.

You can use these events to trigger a flow. For example, you will use the User Activated event to trigger a flow when a user is activated.

You will see the following events when you select the Slack connector:

Slack connector events

Slack connector events.

For instance, you can trigger a flow when a new message arrives in a channel (the New Message in Channel event).

Example flow with User Activated event

Let’s look at a flow that uses the User Activated event.

User activated notification flow

User activated notification flow.

The flow has the following steps:

  1. The first card is the Okta — User Activated event. It sets up the flow to trigger when a user is activated in Okta.
  2. The Text — Compose card creates a message with the user's email and name.
  3. The Slack — Send Message to Channel sends the message about a user activated to a Slack channel.

Activate a user

Go to the Okta Dashboard > Directory > People, select a user, and activate it.

Okta user

Okta user.

When a user activated event occurs, Workflows will trigger the flow. You can view the flow execution in Execution History.

User activated notification flow execution

User activated notification flow execution.

This section showed you how to trigger a flow using a built-in Workflows event.

Use event hooks (webhooks) for Okta events

As part of your organization’s security posture, you want to send a notification when a user uses a password that has appeared in a list of breached credentials.

You can look for such an event in the Okta connector, but you will not find it. The Okta connector does not expose this particular event.

Searching for Okta event

Searching for an Okta event.

Even though the Okta Workflows connector doesn’t expose all the events, you can trigger a flow using event hooks. Event hooks in Okta are similar to webhooks.

When setting up an event hook, you specify an API endpoint to call when a particular Okta event occurs. Since you can call a Workflows flow with an API endpoint, you can set up an event hook to make a call to a flow.

Breached password notification event hook example

Flow with API endpoint

You first need to create a flow you can call with an API endpoint. To trigger a flow with an API endpoint, set the first card to the API Endpoint card.

Trigger a flow with API endpoint

Trigger a flow with API endpoint.

The card’s settings will show the API endpoint URL.

Flow API endpoint UR

 

Flow API endpoint URL.

Set up event hook

Next, you set up the event hook in Workflow > Event hooks > Create Event Hook. Enter the flow Endpoint URLEvent Hook nameand Description, and at the end of this page, select the event for which you want to trigger this event hook. The event in this example is:

A credential, such as a password, which is associated with a known breach was used during an authentication flow.

Create event hook

Event hook set up.

You can test the event hook on the last page of the event hook wizard.

Event hook testing

Testing the event hook.

The event hook triggers a Workflows flow:

Event hook triggers the flow.

 

Event hook triggers the flow.

The flow sends a message to Slack:

Slack message

Slack message.

Okta’s Bryan Barrow wrote an excellent step-by-step tutorial about setting up an event hook for a breached password event. Also try the Send notifications for a breached password event template.

This section taught you how to run a flow using an Okta event for which there is no built-in event card in Workflows.

It is also possible to use event hooks for built-in Okta Workflows events. In the next section, you will learn how to use event hooks with filtering.

Adding a user to a group with filtering

You want to run a flow automation when a user is added to a group named No-Code BuildersThe Okta — User Added to Group event card could trigger such an automation.

 

User added to group event card

User added to group event card.

This automation will run when you add a user to any group, not just for the specific No-Code Builders group.

One solution is to place logic inside the flow to check for the group name and only continue executing the flow if the group name is No-Code Builders. This approach can become more complex if you need to filter several groups for different purposes.

An alternative solution is to use event hooks with filtering.

Set up an event hook with a filter

The flow will start with an API Endpoint card instead of the User Added to Group event card since you need to register the flow API URL with an event hook.

 

Notify user added to a group flow

Notify user added to a group flow.

The event hook configures the flow API URL and uses the User Added to Group event. This event is the same event for which Workflows has an event card.

​​​​​​​Event hook

Event hook

Next, go to the Filters tab in the event hook setup. In this tab, you configure to process this event hook only when a user is added to a specific group (without the filter it will work like the built-in event card —for all groups).

 

​​​​​​​Editing event hook filter

Editing event hook filter.

The event hook filter checks if a user was added to the No-Code Builders group.

 

Event hook filter

Event hook filter.

The event hook only triggers the flow when you add a user to the No-Code Builders group.  

The Event Hook Filtering and Okta Workflows tutorials teaches how to set up event hook with group filtering. 

So far, you have learned about two ways to trigger a flow with an event:

  • Using a built-in event card.
  • Using an event hook.

You can also trigger a flow when events happen in a third-party service using webhooks.

Okta calls webhooks event hooks.

Use webhooks for 3rd party services

Many services support webhooks. A webhook calls an API endpoint when an event occurs in a third-party service. Since you can call a Workflows flow with an API endpoint, you can make a call to a flow from the third-party service.

Google Forms webhook example

You want to create a user in Okta when the following Google Forms is submitted:

 

Google Forms.

Google Forms.

You set up a form submit trigger to run the script and make a call to a Workflows flow API endpoint.

 

Google Forms script

Google Forms script.

The flow Google Forms calls to create an Okta user:

 

A flow to process user creation in Okta.

A flow to process user creation in Okta.

Workflows has a template for this automation: Form Submission to Workflows API Endpoint.

Typeform webhook example

The following example uses a Typeform webhook to run a Workflows flow to create an Okta user. This example doesn’t require writing code or scripts.

 

Typeform

Typeform.

When a user submits this form, Typeform will call a Workflows API endpoint registered as a webhook.

 

Typeform webhook

Typeform webhook.

The webhook calls the following Workflows flow.

 

​​​​​​​A flow to process a webhook from Typeform

A flow to process a webhook from Typeform.

This section taught you how to invoke a flow with an API endpoint when events occur in external services.

Search the System Log for events

One more option is to search the System Log for a particular event.

The following flow runs on schedule and uses the Okta —Search System Logs card with a custom filter to search the log for failed logins in the past 24 hours.

 

​​​​​​​Searching for failed logins in System Log

Searching for failed logins in System Log.

You can save the search results into a table to export to a CSV file and email it.

Okta Workflows resources

🍫 Get help from Okta Workflows specialists during weekly community office hours.

📺 Learn from Okta Workflows videos.

🛟 Ask questions on the Okta Workflows community forum.

🙋🏻‍♀️ Get help from the community: join the #okta-workflows channel on MacAdmins Slack.

Tags

Workflows