Okta Identity Engine | Workflows | Answered | 2023-04-14T16:54:42.000Z | 2023-04-13T20:45:08.000Z | 2023-04-14T16:54:42.000Z

MikeS.53991 (Customer) asked a question.

Providing granular permissions for applications users are assigned to using workflows

Hi Okta Community!

 

Is there a way to use workflows to assign users granular permission for specific applications they're assigned to?

 

For example:

When I currently assign a user to Google Workspace, they're created as a standard user. Is there a way to assign specific admin roles in Google Workspace through Okta with the help of workflows? I've been using attributes to assign users to groups in Google Workspace but can't figure out admin roles. I'm trying to figure out adding/removing specific application permissions if users change roles in the company or need temporary admin access to a specific application.

If this can be done, how would it differ for providing granular permissions to other applications? I believe some applications do this through assigning specific licenses to the user?

 

Thanks for your help with this!

 

Mike


  • TimL.58332 (Workflows)

    @MikeS.53991 (Customer)​ 

     

    Workflows is an API client that can communicate with Google endpoints. Assuming Google has an endpoint that performs the action you wish to perform, you should be able to build out a flow to achieve this.

     

    Your first step will be to refer to Google's API documentation and locate the API to perform the function. Google typically provides a side-bar that allows you to test the API directly from their page. They additionally have the OAuth Playground to test in.

     

    https://developers.google.com/oauthplayground/

     

    To reiterate: if you can locate the process in Google's API documentation that meets your need, then you should be able to leverage Workflows to build out logic to meet the use case. For example: on "User was added to group", check the group that the user was added to (maybe in a table), return the set of permissions for that group, and for each of those permissions call a helper that then performs the logic to call Google and make the required changes. You would also need to mirror that logic in reverse to prevent permission creep: user removed from group, go reverse it.

This question is closed.
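
The add/remove logic described in the answer above, sketched as an added example that is not part of the original thread or Okta's own code. The group names, role names and function names are constructed placeholders; the flow's helper would send each resulting grant or revoke to whichever Google endpoint was located in the API documentation. It computes the change from the user's full current membership rather than from the single event, so a role still granted by another group is not revoked.

```python
# Constructed mapping table: Okta group name -> roles it should grant
# in the target application. All names here are placeholders.
GROUP_ROLES = {
    "gws-helpdesk": {"helpdesk-admin"},
    "gws-user-admins": {"user-admin", "helpdesk-admin"},
    "gws-breakglass": {"super-admin"},
}
# Every role this table is allowed to grant or revoke.
MANAGED_ROLES = set().union(*GROUP_ROLES.values())


def desired_roles(groups):
    """Union of roles granted by every mapped group the user is in now."""
    roles = set()
    for group in groups:
        roles |= GROUP_ROLES.get(group, set())  # unmapped groups grant nothing
    return roles


def plan_changes(current_groups, current_roles):
    """Return (grant, revoke) lists that move the user to the desired state.

    current_groups: groups the user belongs to after the event fired
    current_roles:  roles the application currently reports for the user
    """
    want = desired_roles(current_groups)
    have = set(current_roles)
    grant = sorted(want - have)
    # Revoke only roles the table manages; roles assigned out of band are
    # surfaced by unmanaged_roles() instead of being silently removed.
    revoke = sorted((have - want) & MANAGED_ROLES)
    return grant, revoke


def unmanaged_roles(current_roles):
    """Roles on the account that no group mapping explains (for review)."""
    return sorted(set(current_roles) - MANAGED_ROLES)


if __name__ == "__main__":
    # Constructed case: user left gws-user-admins but is still in gws-helpdesk.
    print(plan_changes(["gws-helpdesk"], ["helpdesk-admin", "user-admin"]))
```

Running the same plan on a schedule as well as on group events catches drift from missed or failed events.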