How to Check if a User Is a Member of a Specific Group in Workflows

Okta Workflows how-to guides are questions and answers from weekly community office hours, #okta-workflows channel on MacAdmins Slack, and other places. Read all the other how-to guides

On to the question. 

How to check if a user is a member of a specific group in Workflows?

Check if a user in a group

The solution to check if a user is in a group is a helper flow. You can plug this flow into any other flow and reuse.

A flow to check if a user belongs to a group

The flow has the following steps:

  1. The Helper Flow card has two inputs: User ID and Group name. You check if the user entered is a member of the group entered
  2. The Okta – Get Users Groups card takes a User ID and returns all the groups this user is in
  3. The List – Find card, searches if the Group name input matches any of the groups in the list returned. It searches only the Profile.Name path in the group list JSON. A sample of the JSON is shown below. The item output field is first item in the list that meets the specified criteria. The index output field is location of the item in the original list
  4. The Branching – Assign If card, checks if the index is greater than zero. If greater than zero (a match was was found), the return is set to true. If less than zero (a match was not found), the return is set to false
 {
    "Last Membership Updated": "2023-05-25T18:36:20.000Z",
    "Last Updated": "2022-07-01T14:10:24.000Z",
    "Profile": {
      "Name": "No-code Automation",
      "Description": "A group with awesome people"
    }
    ...
  },
  {
    "Last Membership Updated": "2022-11-17T17:36:33.000Z",
    "Last Updated": "2022-06-24T19:32:06.000Z",
    "Profile": {
      "Name": "No-code Builders",
      "Description": "Folks who build automations"
    }
    ...
  }

This is a flow run where the group name is matched:

Flow run where a group name is matched

This is a run where the group name is not matched:

Flow run where a group name is not matched

Note that in the above screenshot, the index in the List – Find card is -1. It indicates no match is found.

What you learned

In this how-to guide, you learned how to check if a user is in a specific group.

More resources to help you learn:

🍫 Get help from Workflows specialists during weekly community office hours.

πŸ“Ί Learn from Workflows videos.

πŸ›Ÿ Get help from support: discuss a Workflows topic or ask a question.

πŸ™‹πŸ»β€β™€οΈ Join the #okta-workflows channel on MacAdmins Slack to learn and get help from the community.

7 responses to “How to Check if a User Is a Member of a Specific Group in Workflows”

  1. Mike Lee Avatar
    Mike Lee

    What if there is the potential for a user being in over 200 groups? This appears to use the option for first 200 records for the Get user groups card.

    Reply
    1. maxkatz Avatar
      maxkatz

      Hi Mike – You could use the Streaming option if the user is in more than 200 groups.

      Reply
      1. Mike Lee Avatar
        Mike Lee

        Hi Max! Thanks for the response. Fan of your tutorials and videos. Would you happen to have a demo workflow that shows how to use the streaming option to obtain the same output for T or F?

        Reply
        1. maxkatz Avatar
          maxkatz

          Share what are you trying to build? What do you need to do once you know a user is in a group or not? The Streaming process a record at a time, but doesn’t return data to the calling flow.

          Reply
          1. Mike Lee Avatar
            Mike Lee

            Once I determine if a user is in a group, I want to remove them from the group. Looks like I need to call the helper flow to determine if they are in the group via streaming and then remove the user from the group. There are other actions to add to but for now trying to figure the call flow and how to process the Record and State the help file states to use for outputs.

          2. maxkatz Avatar
            maxkatz

            Correct. If you find a user in a group, you can delete it in the helper flow. Another approach, although not ideal, is to save the information into a table. Then process the table separately and perform the action you need.

  2. maxkatz Avatar
    maxkatz

    Hi Mike – I published a KB to help with your question: Is It Possible To Return a Value From an Action That Streams Records in Workflows?

    Reply

Leave a comment