Build Your First Automation With Okta Workflows: Notify When User Is Suspended

Hello 👋🏼 – if you are new to Okta Workflows, you should start with this tutorial.

This step-by-step tutorial will show you how to build a no-code workflow that sends a notification when a user is suspended in Okta.

You will learn:

  • How to build your first flow
  • How to trigger a flow when a user is suspended
  • How to send an email notification when a user is suspended
  • How to test a flow

The flow looks like this:

Sent notification when user is suspended flow

Before you begin

To complete this tutorial you need to have access to Workflows. Check if you have access to Workflows by going to Okta organization > Admin > Workflows > Workflows console.

Workflows console

If you don’t have Workflows in your organization, please reach out to your Customer Support Manager to enable the Workflows Starter plan (I know, this sucks). Or, reach out to me and I will help you 🙌.

What is Okta Workflows?

Okta Workflows is a no-code platform that allows you to build automations to help with identity solutions. For eample, you can build the following workflows without asking IT or developers for help:

  • Reset password, end user sessions when suspicious activity is detected
  • Automate changes to user access, e.g. temporarily give access to an app or shared workspace
  • Temporarily delay MFA access requirement during user onboarding
  • Send notification when a user is suspended (this tutorial)

this is a short list of what is possible.

Create a new flow

To start you are going to create a new flow:

  1. In Workflows console, click Flows
  2. Click + New Flow to create a new flow
  3. Click Unnamed (upper left corner)
  4. For name enter User Suspended Notification
  5. It is also a good idea to enter a description This flow will send a notification when a user is suspended
  6. Also check the Save all data that passes through the Flow? checkbox. You will be using this capability at the end of this tutorial
  7. Click Save

You just created your first flow!

New workflow

In the next section you will learn how to invoke a flow when a user is suspended.

Using User Suspended event to trigger flow

You want to run the flow when a user is suspended. Look at the image above, in the first rectangle it says When this happens. The this — is when a user is suspended.

To add a trigger event for this flow:

  1. Click Add event
  2. Select Okta from the apps list
  3. In the Okta events menu, look for and select User Suspended
  4. If this is your first flow then you also need to create a connection to Okta. Click +New Connection
    • If you already have a connection you can use it
  5. The Connection Nickname field should be set to Okta. You can change the name if you want
  6. For Domain field enter your domain name without http://
  7. Open the Admin Console in a new browser tab and go to Applications > Applications
  8. Select Okta Workflows OAuth
  9. Click on Sign On tab
  10. Copy the Client ID, return to Workflows console and paste it into the Client ID field in the New Connection window
  11. Copy the Client secret and paste it into the Client Secret field in the New Connection window
  12. Click Create to authenticate and add a connection

Your flow will look like this:

Flow with User Suspended event

Workflows will monitor for this event (user suspended) and when a user is suspended in an organization, this flow will be invoked. The output fields that you see in the User Suspended card, that’s all the information that the card makes available (when event is fired). You can use any of the fields in other flow steps.

In the next section you will create a message to be shared via email.

Create message

To create a message you are going to use the Compose card.

In the previous section you learned about how an event can invoke a flow. Other flow components are app actions and functions.

  • App action – is a step the controls services such as Gmail
  • Function – allows to interact with, change, or control the data in a flow

To add a Compose card:

  1. Click Add function
  2. From the Most Popular category choose Compose
  3. In the Compose card type the following:

    Hello,

    User with the following username was suspended:
  4. Drag and drop Okta User > Alternate ID from User Suspended card and place it after suspended word
  5. Click Save to save the flow

Your flow will look like this:

Data mapping

Test Compose card

One neat feature in Workflows is the ability to test a card individually. Using the Compose card, click the play ▶️ button at the bottom of the card. You will need to enter sample data for the second field and then click Test to see the card output.

Testing a card

It’s a good practice to test each card individually as you are building a flow.

In the next section you are going to add a card to send email notification.

Send email notification

In this step you are going to add a Gmail card to send an email.

Using Gmail card

  1. Click Add app action
  2. Find the Gmail app
  3. Find and click on Send Email action
  4. If this is your first time using the Gmail card, click + New Connection and follow the steps to authenticate your Gmail account. The card should look like this when added:

    Note: you need to have access to Google Workspace account in order to use this card (not a personal Gmail)
  5. Now you need to provide data for the Send Email card. For Email field, enter your email (or any other email that you can check)
  6. For Subject field enter User suspended
  7. For Body field, drag and drop the output field from Compose card to Body field in Send Email card
    • All other fields are optional
  8. Click Save to save the flow

Data mapping from Compose to Send Email card looks like this:

Send Email card

Test Send Email card

To test the Send Email card:

  1. Click the play ▶️ button
  2. The To and Body will be refilled with data from the card. Enter sample Body field and click Test
  3. Check the email you entered in the To field
Testing Send Email card

You can use another email provider if you don’t have access to Google Workspace.

Using Office 365 Mail card

This section is optional. If you don’t have access to Google Workspace Gmail you can use Office 365 Mail card.

  1. Click Add app action
  2. Find and click on Office 365 Mail app
  3. Find and click on Send Email action
  4. If this is your first time using the Office 365 card, click + New Connection and follow the steps to authenticate your Office 365 account
  5. Fill out card fields as shown in the screenshot below
Using Office 365 Mail card

In the next section you will learn how to test the entire flow.

Testing flow

You are ready to test the flow.

  1. Click Save to save any changes
  2. The flow needs to be on in order to be trigged. Slide the on/off slider to turn the flow on

To see a flow execution, go to Flow History tab. It is empty now but this is where you will see flow running once a user is suspended:

Flow History tab before any flow runs

Note: if you see Execution history is not enabled for this Flow message on Flow History tab, switch back to Flow tab, and click the flow name. Check Save all data that passes through the Flow? to enable flow history.

To test the flow you need to have a user in your organization whom you can suspend.

  1. In another browser tab go to Okta organization > Admin > Directory > People
  2. Click Add person to add a new person. You can also use an existing person. Fill our the required fields and click Save. Here is an example of People page:
  3. To suspend a user click their name
  4. Choose More Actions > Suspend to suspend the selected user

Switch to Workflows browser tab, open Flow History tab. You will see one flow execution:

First flow execution

If you select another user to suspend, another flow execution will be added (you can see each execution on right-hand side)

Another flow execution

Looking closer at the Flow History tab, you see how actual data is mapped from card to card. When you build more advanced flows, use the Flow History tab to monitor execution and what data is passed between cards.

Flow execution with data mappings

This is how the email looks:

User suspended email

One last thing. To see the flow at a high-level, click Flow Chart:

Workflow chart

What you learned

In this tutorial you built a no-code workflow that is invoked when a user is suspended and email notification is sent. You learned:

  • How to build your first flow
  • How to invoke a flow when a user is suspended
  • Send an email notification when a user is suspended
  • How to test a flow

More educational resources

If you enjoyed this tutorial, there are more education resources to help you with Workflows:

2 Comments

  1. Josh says:

    Hello,
    I am new to Okta workflows. I am looking a sample workflows trigger event that create a new user account in Okta whenever a new user profile create in BambooHR.

    Please let me know

    1. maxkatz says:

      Hi Josh – you can connect to BabmooHR from Workflows with the API Connector card. There is no native connection available today. As for the event, if BabmooHR supports webhooks then you can call a flow via an API endpoint when a particular events occurs in BambooHR. This video shows how to invoke a flow via API endpoint: https://www.youtube.com/watch?v=DDuIgY3Np2E&list=PLIid085fSVdvyK8F4xuk49EchBPmAVNHG&index=21

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.