btc60 (btc60) asked a question.
Hi, I am looking if there is a way where we can get alerts when a member is added or removed from a group in OKTA
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
Hello @btc60 (btc60)
Thank you for posting.Okta does not offer an official solution that performs as described. I recommend you to create an Idea for this feature: https://support.okta.com/help/s/article/Okta-Ideas-Step-by-Step-Guide?language=en_US
Regards
Henry E.
Okta Inc.
Hello Kishore,
This would be achievable utilizing Okta Workflows and building out a set of flows. The key condition for making stuff like this possible in Workflows is the eligibility of the events. See:
https://developer.okta.com/docs/reference/api/event-types/?q=event-hook-eligible
Since group.user_membership.add & group.user_membership.remove are eligible events you could create an Event Hook that monitors for those events and sends the payloads to an API endpoint (Workflows). You could then run flow logic to create a notification (Slack / Email etc..).
Since this would occur on every single group add/remove event. You could even add in logic inside the flow to only monitor for specific groups. If the "change" isn't a group you want to monitor just end the flow immediately.
Hello @TimL.58332 (Workflows) Thanks i was able to monitor the groups, but the request is a bit different for me
@btc60 (btc60)
If you leverage an "Event Hook" and not a built-in "Okta Event" card you can have one hook and one endpoint to manage multiple event types. In Okta Workflows, create a new flow. In the "Event" column choose API Endpoint. Give the flow a name and save it. Then click the < / > icon on the card. Set it to a Webhook then copy the Invoke URL
In the Okta Admin UI under Workflows > Event Hooks you would create an event hook. Give it a name, and select the events (Group add/remove in your instance). In the URL field paste in the Invoke URL captured previously. This Event hook will monitor for both event types and pass the payload to the API Endpoint defined by the URL value. Then in the Workflow you can test (both add/remove) and pull the relevant data from the events and do something with it.
For the second question I would leverage a table. Depending on the size of your org getting alerts every time a user is added/removed could be very noisy. You could record the pertinent data to a table at the end of the flow in question. You could then have a second flow that runs daily or weekly that exports the table, sends the exported table as an attachment (or maybe uploads it to a "drive" service), and finally clears the table. Note: Tables are limited to 100k rows, so you need to ensure a peak usage <time frame> can't exceed the value.
Adding some screenshots as an example: Event hook configured to trigger on group add/remove. Delivers payload to API endpoint to start flow.
Do more stuff.. is what ever you want to do with the data now that you have confirmed it is a data set you want to work with. You could "create an alert" or "write stuff out to a table" etc..
@TimL.58332 (Workflows)
Thanks for the detailed steps. One quick question, can we send the scheduled report in an excel/csv/txt as an attachement
Yes. The email services cards have the option to include attachments. I believe all of them require a "list of files". So, for example if your outputted list of objects was processed via a "For Each" into a Helper flow to generate one row per object into a Table, then in the Parent flow exported the table it would be a CSV with a type (File). You could then move this output into a List -Construct card to have a new output of a "List of Files" which would be acceptable for the email cards.