Okta offers automations that allow admins to proactively manage the lifecycle of end users who are part of an Okta group. These automations can be used to respond to specific use cases that arise during the user lifecycle, such as user inactivity and user password expiration in Okta.
- Automations
- Lifecycle Management (LCM)
- User Inactivity
- Password Expiration
There are multiple situations in which Automation can be useful:
- Okta Automation can be used for active users who have not logged into Okta for a defined number of days. In this context, active users refer to those who have active Okta accounts. Such accounts become active when users are added by administrators on the Manage Users page or when end users self-register in a custom app or the Okta Homepage, and email verification is not required. Additionally, user accounts can be explicitly activated by administrators.
- Okta automation can also be used for inactive users who have not engaged in any activity on their active account for a specified period of time. For example, automation can send an alert to inactive users when they are about to be locked out.
- Automations configured for User Inactivity in Okta work based on the user successfully signing in to Okta, that is, explicitly signing in to the Okta User dashboard. The user needs to have a User login to Okta - Success event, which can be found by using the query eventType eq "user.session.start". If the user just signs in directly to other applications, such as Microsoft 365, that user does not have activity in Okta, and an Automation configured to Change user lifecycle state in Okta will trigger when the condition is met.
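To preview which accounts an inactivity automation would act on, the check described above can be run over exported System Log events. This is an added example, not Okta's code: the sample events are constructed, the helper names are hypothetical, and reporting users with no qualifying event at all as inactive is an assumption.

```python
from datetime import datetime, timedelta, timezone

SESSION_START = "user.session.start"  # event type named in the article

# Constructed sample in the shape of System Log entries (not real data).
SAMPLE_EVENTS = [
    {"eventType": "user.session.start", "published": "2024-05-20T08:00:00.000Z",
     "actor": {"alternateId": "alice@example.com"}, "outcome": {"result": "SUCCESS"}},
    {"eventType": "user.session.start", "published": "2024-01-10T08:00:00.000Z",
     "actor": {"alternateId": "bob@example.com"}, "outcome": {"result": "SUCCESS"}},
    # Recent event of another type: not user.session.start, so it is ignored.
    {"eventType": "user.authentication.sso", "published": "2024-05-30T09:00:00.000Z",
     "actor": {"alternateId": "bob@example.com"}, "outcome": {"result": "SUCCESS"}},
    # Failed sign-in: not a "User login to Okta - Success" event, so it is ignored.
    {"eventType": "user.session.start", "published": "2024-05-29T09:00:00.000Z",
     "actor": {"alternateId": "carol@example.com"}, "outcome": {"result": "FAILURE"}},
]

def parse_ts(value):
    """Parse the ISO 8601 UTC timestamp format used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def last_successful_login(events):
    """Map each user to the time of their latest successful user.session.start."""
    latest = {}
    for ev in events:
        if ev.get("eventType") != SESSION_START:
            continue
        if ev.get("outcome", {}).get("result") != "SUCCESS":
            continue
        user = ev["actor"]["alternateId"]
        ts = parse_ts(ev["published"])
        if user not in latest or ts > latest[user]:
            latest[user] = ts
    return latest

def inactive_users(users, events, days, now):
    """Users whose last successful Okta sign-in is older than `days`.

    Assumption: a user with no qualifying event in the supplied log is
    reported as well, because the log holds no evidence of a sign-in.
    """
    latest = last_successful_login(events)
    cutoff = now - timedelta(days=days)
    return sorted(u for u in users if latest.get(u) is None or latest[u] < cutoff)
```

Comparing this list with the automation's target group before enabling a Change user lifecycle state action shows which users sign in only to applications and would be affected.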
NOTE: Okta automation for password expiration is not fully supported when users log in using delegated authentication with Active Directory. This is not the case when delegated authentication is turned off and the password policy is controlled by Okta: as mentioned in the automation documentation, this feature is fully supported with Okta Password.
Related References
- Automations
- End-user notifications for password reset using delegated authentication (DelAuth) are not supported
- Okta-mastered accounts, not those mastered in Active Directory
