When and Where Okta Automations Applies
Overview
Okta offers automations that let admins proactively manage the lifecycle of end users in an Okta group. These automations can be used to respond to specific use cases that arise during the user lifecycle, such as user inactivity and user password expiration in Okta.
Applies To
- Automations
- Lifecycle Management (LCM)
- User Inactivity
- Password Expiration
- Okta Identity Engine (OIE)
- Okta Classic Engine
Solution
There are multiple situations in which Automation can be useful:
- Okta Automation can be used to identify active users who have not logged in to Okta for a defined number of days. In this context, active users are those with active Okta accounts. Such accounts become active when administrators add users on the Manage Users page or when end users self-register in a custom app or on the Okta Homepage, and email verification is not required. Additionally, user accounts can be explicitly activated by administrators.
- Okta automation can also be used for inactive users who have not engaged in any activity on their active account for a specified period of time. For example, automation can send an alert to inactive users when they are about to be locked out.
- Automations configured for User Inactivity in Okta work based on the user successfully signing in to Okta. The user needs to have a "User login to Okta - Success" event, which can be found by using the query eventType eq "user.session.start". If the user does not explicitly sign in to the Okta User dashboard and just signs in directly to other applications, such as Microsoft 365, that user does not have activity in Okta, and an Automation configured to Change user lifecycle state in Okta will trigger when the condition is met.
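Before enabling an inactivity automation, it helps to see which accounts the rule described above would catch. The following is an added example, not Okta's own code: it applies that rule to constructed System Log events and flags users whose only recent events are of another type. The sample users, the 60-day threshold, the helper names, and the use of user.authentication.sso as the stand-in for direct application sign-in are assumptions.

```python
from datetime import datetime, timedelta, timezone

SIGNIN_EVENT = "user.session.start"  # "User login to Okta", per the article

def ev(event_type, published, user, result="SUCCESS"):
    """Build a constructed event with the System Log fields used below."""
    return {"eventType": event_type, "published": published,
            "actor": {"alternateId": user}, "outcome": {"result": result}}

# Constructed sample data (not real log output).
USERS = ["alice@example.com", "bob@example.com", "carol@example.com"]
EVENTS = [
    ev(SIGNIN_EVENT, "2024-05-25T08:00:00.000Z", "alice@example.com"),
    ev(SIGNIN_EVENT, "2024-01-10T08:00:00.000Z", "bob@example.com"),
    # bob's only recent event is app SSO (assumed stand-in for direct app use)
    ev("user.authentication.sso", "2024-05-28T08:00:00.000Z", "bob@example.com"),
    ev(SIGNIN_EVENT, "2024-02-01T08:00:00.000Z", "carol@example.com"),
    # a failed sign-in is not the "Success" event the automation relies on
    ev(SIGNIN_EVENT, "2024-05-27T08:00:00.000Z", "carol@example.com", "FAILURE"),
]

def parse_ts(value):
    ts = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
    return ts.replace(tzinfo=timezone.utc)

def inactivity_report(users, events, now, days):
    """Map each user past the inactivity threshold to their last successful
    Okta sign-in and whether other recent events exist for them."""
    cutoff = now - timedelta(days=days)
    last_signin, other_recent = {}, set()
    for e in events:
        user, ts = e["actor"]["alternateId"], parse_ts(e["published"])
        if e["eventType"] == SIGNIN_EVENT:
            if e["outcome"]["result"] == "SUCCESS":
                last_signin[user] = max(ts, last_signin.get(user, ts))
        elif ts >= cutoff:
            other_recent.add(user)
    return {u: {"last_signin": last_signin.get(u),
                "other_recent_activity": u in other_recent}
            for u in users
            if last_signin.get(u) is None or last_signin[u] < cutoff}

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for user, info in inactivity_report(USERS, EVENTS, now, days=60).items():
        print(user, info["last_signin"], info["other_recent_activity"])
```

Users reported with other_recent_activity set to True are the ones to review before the automation changes their lifecycle state, since they are still using applications without a recorded Okta sign-in.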
NOTE: Okta password expiration automation is not fully supported when users log in via delegated authentication with Active Directory. This is not the case when delegated authentication is turned off and the password policy is controlled by Okta; as mentioned in the automation documentation, this feature is fully supported with Okta Password.
Related References
- Automations
- End-user notifications for password reset using delegated authentication (DelAuth) are not supported
- Okta-mastered accounts, not those mastered in Active Directory
