
x8h12 (x8h12) asked a question.
I'm looking to create a workflow that gets triggered upon user login/registration which identifies the user with his identity card, matches it against a directory entry and consecutively logs him into an application such as Jira, Slack or Salesforce. For identity verification, I've already been able to identify Evident ID as a possible app action where I'm currently in the process of retrieving an API key. I feel a bit lost regarding the other steps. Does anyone have experience with any of these steps or a similar workflow?

@x8h12 (x8h12) - This sounds more like an SSO scenario than an Okta Workflows product scenario. The Okta Workflows product (Workflow > Workflows console) is a no-code scriptable API client / endpoint that allows for interactions with endpoints.
We already have a working SSO integration with our own OpenID IdP, though we would like to spin this further after the Okta platform receives the ID Token with the mentioned steps, i.e. continue after the user login/registration. Does that make sense to you?
@x8h12 (x8h12) - I think I understand what you are asking. Essentially you want to chain authenticate users into multiple different applications/vendors after they have performed their initial auth. While this may be possible, this is very likely not going to be something you leverage the Okta Workflows product to accomplish.
Because of this, my previous response was made suggesting your inquiry be directed to the SSO subforum as the expertise there will more closely align with what you are trying to achieve.
Thanks for making this clear -- I've created a question in the SSO section as well: https://support.okta.com/help/s/question/0D54z00009qZDiWCAW/user-identification-during-registration-with-consecutive-login
Does this imply that you feel the Okta Workflows product is not suitable for an implementation like this? If so, what is the key limiting factor?
@x8h12 (x8h12) - I wouldn't even know where you would begin. Workflows would need publicly available endpoints to send data to. Those endpoints would need to know how to handle that data and associate it with the correct users. That would also assume any of the data you need to pass/modify etc is all UTF8 content.
Even something far less complicated than what you seem to be asking for is considered Yellow Zone (potentially fraught with problems).
Workflows System Limits: https://help.okta.com/wf/en-us/content/topics/workflows/workflows-system-limits.htm
SAML assertion Inline Hook: https://developer.okta.com/docs/reference/saml-hook/
Token Inline Hook: https://developer.okta.com/docs/reference/token-hook/