Understanding Okta Workflows Events
Okta Workflows is an event-driven platform for automating identity processes. Workflows allows you to trigger a flow when an event occurs in Okta or 3rd party services.
This blog post will teach you about triggering automation when an event occurs.
- Use built-in connector events from Okta and other services
- Use event hooks (webhooks) for Okta events
- Use webhooks for 3rd party services
- Search the System Log for events
- Okta Workflows resources
Learn about Okta Workflows connectors and connections. Read Understanding Okta Workflows Connectors.
Use built-in connector events from Okta and other services
To trigger a flow when an event happens, click Add event at the start of the flow to see a list of pre-built connectors.
Okta Workflows pre-built connectors.
Select a connector to see the events it supports. When you select the Okta connector, you will see the following events (partial list):
Events the Okta connector supports.
You can use these events to trigger a flow. For example, you will use the User Activated event to trigger a flow when a user is activated.
You will see the following events when you select the Slack connector:
Slack connector events.
For instance, you can trigger a flow when a new message arrives in a channel (the New Message in Channel event).
Example flow with User Activated event
Let’s look at a flow that uses the User Activated event.
User activated notification flow.
The flow has the following steps:
- The first card is the Okta — User Activated event. It sets up the flow to trigger when a user is activated in Okta.
- The Text — Compose card creates a message with the user's email and name.
- The Slack — Send Message to Channel card sends the message about the activated user to a Slack channel.
Activate a user
Go to the Okta Dashboard > Directory > People, select a user, and activate it.
Okta user.
When a user activated event occurs, Workflows will trigger the flow. You can view the flow execution in Execution History.
User activated notification flow execution.
This section showed you how to trigger a flow using a built-in Workflows event.
Use event hooks (webhooks) for Okta events
As part of your organization’s security posture, you want to send a notification when a user uses a password that has appeared in a list of breached credentials.
You can look for such an event in the Okta connector, but you will not find it. The Okta connector does not expose this particular event.
Searching for an Okta event.
Even though the Okta Workflows connector doesn’t expose all the events, you can trigger a flow using event hooks. Event hooks in Okta are similar to webhooks.
When setting up an event hook, you specify an API endpoint to call when a particular Okta event occurs. Since you can call a Workflows flow with an API endpoint, you can set up an event hook to make a call to a flow.
Breached password notification event hook example
Flow with API endpoint
You first need to create a flow you can call with an API endpoint. To trigger a flow with an API endpoint, set the first card to the API Endpoint card.
Trigger a flow with API endpoint.
The card’s settings will show the API endpoint URL.
Flow API endpoint URL.
Set up event hook
Next, you set up the event hook in Workflow > Event hooks > Create Event Hook. Enter the flow Endpoint URL, Event Hook name, and Description, and at the end of this page, select the event for which you want to trigger this event hook. The event in this example is:
A credential, such as a password, which is associated with a known breach was used during an authentication flow.
Event hook set up.
You can test the event hook on the last page of the event hook wizard.
Testing the event hook.
The event hook triggers a Workflows flow:
Event hook triggers the flow.
The flow sends a message to Slack:
Slack message.
Okta’s Bryan Barrow wrote an excellent step-by-step tutorial about setting up an event hook for a breached password event. Also try the Send notifications for a breached password event template.
This section taught you how to run a flow using an Okta event for which there is no built-in event card in Workflows.
It is also possible to use event hooks for built-in Okta Workflows events. In the next section, you will learn how to use event hooks with filtering.
Adding a user to a group with filtering
You want to run a flow automation when a user is added to a group named No-Code Builders. The Okta — User Added to Group event card could trigger such an automation.
User added to group event card.
This automation will run when you add a user to any group, not just for the specific No-Code Builders group.
One solution is to place logic inside the flow to check for the group name and only continue executing the flow if the group name is No-Code Builders. This approach can become more complex if you need to filter several groups for different purposes.
An alternative solution is to use event hooks with filtering.
Set up an event hook with a filter
The flow will start with an API Endpoint card instead of the User Added to Group event card since you need to register the flow API URL with an event hook.
Notify user added to a group flow.
The event hook is configured with the flow API URL and uses the User Added to Group event. This is the same event for which Workflows has an event card.
Event hook
Next, go to the Filters tab in the event hook setup. In this tab, you configure the event hook to fire only when a user is added to a specific group (without the filter, it works like the built-in event card: for all groups).
Editing event hook filter.
The event hook filter checks if a user was added to the No-Code Builders group.
Event hook filter.
The event hook only triggers the flow when you add a user to the No-Code Builders group.
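The check the filter performs, shown as an added Python example (not code from the original post or from Okta). The payload is constructed, the function names are hypothetical, and the filter expression in the comment is an assumed form rather than the one in the screenshot:

```python
# Added example: mirrors the event hook group filter on a constructed payload.
# Assumed filter form (Okta Expression Language), not copied from the post:
#   event.target.?[type eq 'UserGroup'].size()>0 &&
#   event.target.?[displayName eq 'No-Code Builders'].size()>0

GROUP_NAME = "No-Code Builders"             # group name used in the post
EVENT_TYPE = "group.user_membership.add"    # System Log type for "user added to group"

def matches_group(event, group_name=GROUP_NAME):
    """True when one target entry is a UserGroup with the given display name.

    Both properties are required on the same target entry, so a User target
    that merely shares the display name does not count.
    """
    return any(
        t.get("type") == "UserGroup" and t.get("displayName") == group_name
        for t in event.get("target") or []
    )

def events_for_flow(payload, group_name=GROUP_NAME):
    """Return the events in one hook delivery that should trigger the flow."""
    events = payload.get("data", {}).get("events", [])
    return [e for e in events
            if e.get("eventType") == EVENT_TYPE and matches_group(e, group_name)]

# Constructed sample delivery: two additions, one to the filtered group.
SAMPLE_PAYLOAD = {
    "eventType": "com.okta.event_hook",
    "data": {"events": [
        {"uuid": "evt-1", "eventType": EVENT_TYPE, "target": [
            {"type": "User", "alternateId": "ana@example.com"},
            {"type": "UserGroup", "displayName": "No-Code Builders"}]},
        {"uuid": "evt-2", "eventType": EVENT_TYPE, "target": [
            {"type": "User", "alternateId": "li@example.com"},
            {"type": "UserGroup", "displayName": "Everyone"}]},
    ]},
}

if __name__ == "__main__":
    for e in events_for_flow(SAMPLE_PAYLOAD):
        user = next(t for t in e["target"] if t["type"] == "User")
        print(f"{user['alternateId']} added to {GROUP_NAME}")
```

The same check is what the in-flow alternative described earlier would have to implement for every group it cares about.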
The Event Hook Filtering and Okta Workflows tutorial teaches how to set up an event hook with group filtering.
So far, you have learned about two ways to trigger a flow with an event:
- Using a built-in event card.
- Using an event hook.
You can also trigger a flow when events happen in a third-party service using webhooks.
Okta calls webhooks event hooks.
Use webhooks for 3rd party services
Many services support webhooks. A webhook calls an API endpoint when an event occurs in a third-party service. Since you can call a Workflows flow with an API endpoint, you can make a call to a flow from the third-party service.
Google Forms webhook example
You want to create a user in Okta when the following Google Form is submitted:
Google Forms.
You set up a form submit trigger to run the script and make a call to a Workflows flow API endpoint.
Google Forms script.
The flow Google Forms calls to create an Okta user:
A flow to process user creation in Okta.
Workflows has a template for this automation: Form Submission to Workflows API Endpoint.
Typeform webhook example
The following example uses a Typeform webhook to run a Workflows flow to create an Okta user. This example doesn’t require writing code or scripts.
Typeform.
When a user submits this form, Typeform will call a Workflows API endpoint registered as a webhook.
Typeform webhook.
The webhook calls the following Workflows flow.
A flow to process a webhook from Typeform.
This section taught you how to invoke a flow with an API endpoint when events occur in external services.
Search the System Log for events
One more option is to search the System Log for a particular event.
The following flow runs on a schedule and uses the Okta — Search System Logs card with a custom filter to search the log for failed logins in the past 24 hours.
Searching for failed logins in System Log.
You can save the search results into a table to export to a CSV file and email it.
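The same search and export outside Workflows, as an added Python example (not code from the original post). The filter string is an assumption, since the post does not show the custom filter used in the flow; the log events are constructed and the function names are hypothetical:

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumed custom filter; the post does not show the one used in the flow.
FAILED_LOGIN_FILTER = 'eventType eq "user.session.start" and outcome.result eq "FAILURE"'

def log_query(now, hours=24):
    """Query parameters for GET /api/v1/logs covering the last `hours` hours."""
    since = (now - timedelta(hours=hours)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"filter": FAILED_LOGIN_FILTER, "since": since}

def failed_logins(events, now, hours=24):
    """Count failed logins per user inside the window (same test as the filter)."""
    cutoff = now - timedelta(hours=hours)
    counts = Counter()
    for e in events:
        published = datetime.fromisoformat(e["published"].replace("Z", "+00:00"))
        if (e["eventType"] == "user.session.start"
                and e["outcome"]["result"] == "FAILURE" and published >= cutoff):
            counts[e["actor"]["alternateId"]] += 1
    return counts

def to_csv(counts):
    """Render the per-user counts as CSV text, highest count first."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["user", "failed_logins"])
    writer.writerows(counts.most_common())
    return buf.getvalue()

def _evt(user, result, published):
    """Build a constructed System Log event with only the fields used here."""
    return {"eventType": "user.session.start", "outcome": {"result": result},
            "actor": {"alternateId": user}, "published": published}

NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)  # constructed "current time"
SAMPLE_EVENTS = [
    _evt("ana@example.com", "FAILURE", "2024-05-02T09:15:00.000Z"),
    _evt("ana@example.com", "FAILURE", "2024-05-02T09:16:30.000Z"),
    _evt("li@example.com", "FAILURE", "2024-05-01T13:00:00.000Z"),
    _evt("li@example.com", "SUCCESS", "2024-05-01T13:01:00.000Z"),
    _evt("sam@example.com", "FAILURE", "2024-04-30T08:00:00.000Z"),  # outside window
]

if __name__ == "__main__":
    print(log_query(NOW))
    print(to_csv(failed_logins(SAMPLE_EVENTS, NOW)), end="")
```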
Okta Workflows resources
🍫 Get help from Okta Workflows specialists during weekly community office hours.
📺 Learn from Okta Workflows videos.
🛟 Ask questions on the Okta Workflows community forum.
🙋🏻‍♀️ Get help from the community: join the #okta-workflows channel on MacAdmins Slack.