LeoH.09617 (Headspace) asked a question.
Using Okta Workflows To Create Custom Alerts and Notifications
Hello! I noticed that there's no built-in capability to enable custom admin alerts, such as a sending all Super Administrators an email when the Super Administrator role has been assigned to or taken away from a user. Although there are custom event hooks available for consumption by external services, I'm wondering if there is something Okta Workflows could be configured to handle. Is it possible to use Okta Workflows to send email alerts and notifications triggered by events from the System Log? If not, is this something that Okta might consider for its roadmap? Thanks!
@LeoH.09617 (Headspace) - Hi Leo. This functionality already exists in Workflows.
Couple of things to keep in mind. For "Real-Time" Workflows is essentially an "Endpoint" in your described scenario. This requires the vendor (In your example Okta) to have an event/web hook monitoring the specific event you are concerned for.
In Workflows this can be achieved by either utilizing built in "Event" vendor cards OR an API Endpoint card which allows a bit more flexibility. For Okta the list of eligible events can be found here: (filter to: event-hook-eligible)
https://developer.okta.com/docs/reference/api/event-types/#catalog
For non-eligible events you could query the Syslog between a period of time. This would need to be a scheduled flow which has a minimum cycle of 5 minutes. (Note, the required scope okta.logs.read is not granted by default. You would need to grant this in the Workflows Oauth app and re-authorize your connection).
Once the data you are looking to handle is received then it is just a matter of creating logic to put it into a format you want and then send out an alert via email/slack etc. This portion could be 1:1 when events are received OR could be a daily report where you store events to a table then have a scheduled flow that hourly/daily/weekly sent out.