0D54z00008LS56oCAD | Okta Identity Engine | Workflows | Answered | 2024-04-13T03:49:27.000Z | 2022-11-04T17:39:35.000Z | 2022-11-07T19:51:45.000Z
  • 953nz (953nz)

    Yes, here are a few options to accomplish your goal:

    #1 You can set up a flow with the following cards: when "User Created", "Read User" (to grab the department or any other attribute of user created), "If/Else" card and set condition to "Department == XYZ". If true, then use an "Add User to Group" card. If false, then use a "Return Error" card.

    #2 Simply use group rules in the Okta admin console. For instance, if "user.department == XYZ", then add them to XYZ group(s). This takes away the need for a Workflow and is much more straightforward. It is not as flexible though, so if you are looking to expand then a Workflow is a great choice.

    #3 Finally, and a bit more complicated, Okta has a template that you can use for this use case and it is pretty flexible. It is "Manage Okta Group Membership Based on Profile Attributes", but the flow itself is much more complex than option #1. Walkthrough for this can be found here: Workflows Template: Manage Okta Group Membership Based on Job Code or Profile Attribute Mapping

    Hope this helps!!

    Thanks

  • 953nz (953nz)

    Your best bet, assuming it has to be a workflow (I am partial to #2 given the stated need here), is most likely number one as it includes the fewest components. It might be a good use case to get used to Workflows on, then build out to their provided template.

    Again, I would simply use the trigger, or "When this happens" in the flow, to be "User created". Follow the rest after as stated above. Please feel free to share any screenshots of what you have and I will be happy to assist.

    Please see attached for a very high-level overview.

    Thanks!!

  • This needs to be a workflow because it is more than just adding users to groups.

    When I try to use the add user to group all I get is an error that the group can't be found. I have tried using the group name as well as the group ID with no luck. I checked and my trigger of new user created and read user cards are working, but the if/else card doesn't appear to be working. This is what I have:

    [Screenshot: 2022-11-07_11-45-30]

    It always gives me a group not found error.

  • 953nz (953nz)

    Great stuff so far then! So first and foremost, for the Group ID, do not use the group name but instead use the group ID, such as "00g1dtnxx3mvwCAgr0h8". You can find that in your URL when selecting the group via the Admin UI.

    As for the If/Else not working, do make sure the value is a copy-paste to ensure no pesky spaces or anything throwing it off. As for the "Read User" card as well, make sure you are dragging over "Okta User" > "ID" to get the User ID of the account created. This will use the actual "User ID" of the user created and will give the accurate "Department" value of the user created.

  • 953nz (953nz)

    Finally, under the "Add User to Group" card and in the "User ID" input, do not use the "Username" value but instead drag over the same "Okta User" > "ID" value outlined above in my last comment. The IDs these cards refer to are not their friendly names but instead their actual IDs.

  • Thank you! The ID was the issue. I thought I had tried that but apparently I either copied a space or something else.

This question is closed.
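
The checks that resolved this thread, as an added Python example (not code from the posters or from Okta): it mirrors the "Read User" > "If/Else" > "Add User to Group" flow and rejects friendly names or whitespace-padded values before any group call is planned. The function names, the department mapping and the `EXAMPLE` IDs are constructed placeholders; the 20-character `00g`/`00u` ID shape is an assumption based on the ID quoted above, and the paths are the Okta Groups API add-user route. Nothing is sent over the network.

```python
import re

# Assumption: Okta object IDs are 20 alphanumeric characters, like the
# group ID quoted in the thread; groups start with 00g, users with 00u.
OKTA_ID = re.compile(r"[0-9A-Za-z]{20}")

# Constructed sample mapping: department -> group IDs (placeholders).
DEPARTMENT_GROUPS = {
    "Engineering": ["00gEXAMPLE0000000001", "00gEXAMPLE0000000002"],
    "Finance": ["00gEXAMPLE0000000003"],
}


def check_id(value, prefix):
    """Return the ID unchanged, or raise with the likely cause of a 'not found' error."""
    if value != value.strip():
        raise ValueError(f"{value!r} has leading/trailing whitespace from copy-paste")
    if not value.startswith(prefix) or not OKTA_ID.fullmatch(value):
        raise ValueError(f"{value!r} looks like a friendly name, not a {prefix}... ID")
    return value


def plan_group_adds(user, mapping=DEPARTMENT_GROUPS):
    """Read User -> If/Else on department -> one Add User to Group call per group."""
    user_id = check_id(user["id"], "00u")  # the ID, never the username
    department = user["profile"].get("department") or ""
    groups = mapping.get(department)  # exact match, like the If/Else comparison
    if groups is None:
        raise LookupError(f"no group mapping for department {department!r}")
    return [
        ("PUT", f"/api/v1/groups/{check_id(g, '00g')}/users/{user_id}")
        for g in groups
    ]


if __name__ == "__main__":
    # Constructed sample user record.
    sample = {
        "id": "00uEXAMPLE0000000009",
        "profile": {"login": "new.hire@example.com", "department": "Engineering"},
    }
    for method, path in plan_group_adds(sample):
        print(method, path)
```

A department value with a stray space raises `LookupError` instead of silently taking the false branch, which is the same symptom as an If/Else card that "doesn't appear to be working".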
Add new user to multiple groups using workflows