Okta Basics curriculum: Workflows: Automate Identity-Specific Tasks without code
Okta’s pitch here is that admins can automate workflows without needing custom scripts or code – essentially if/then statements, automated! Let’s see what this actually looks like…
First spot that Workflows come in handy is during user provisioning and deprovisioning – Okta gives you the option to automatically assign app licenses when a default account is created, or in my case below, suspend a user’s account if they haven’t been active for a certain period of time.
The usefulness of these workflows is of course to make onboarding/offboarding/role changes easier for the IT admins – the more automation, the less manual work they have to do, and the less risk of something getting missed.
Okta also has automation options for manual tasks that are not integrated into Okta – you can automate a ticket creation that instructs the IT admin to move forward with those manual tasks.
They also offer a neat feature that would have come in handy during my compliance days – you can schedule access changes for different timeframes for the same user. The example they use in the training is someone who leaves and has their access revoked, but still needs access to HR/payroll for tax purposes. Okta allows enough automation that access to that last piece can be revoked automatically after one year. Smart tool there, and helps eliminate the chance that that access could get missed or forgotten about.
Similarly, you can structure a workflow to allow temporary access and then revoke it automatically – useful for third party contractor management especially – which again helps eliminate the risk that someone will forget about the account and decommission it late.