User1697960304343261433 (Customer) asked a question.
Okta workflow to trigger MFA when user attempts 3 unsuccessful failure attempts
Can anyone please help me to create workflow to remove user from group after 1 hour and to clear the table after 1 hour.
Our requirement is to trigger MFA to user account after 3 unsuccessful attempts this requirement is not there in okta so I have created flow to take user sign in attempts and update the details in table If user failed sign in attempt is >= 3 then we will assign user to high risk group and we will create policy for this group as mandatory MFA up till this I have completed now I need flow to remove user from group after 1 hour and to clear table after 1 hour.
Please help me!
It really depends on how often you want the check to be. If they do it 3 times in a row? In an hour?
Depending on your use case, you can start either with a MFA event, or a system log search every X minutes/hours/ whatever interval you want to look into.
You can then add the user into an table with the user ID, a number for the times they failed. On each fail, read the table, check if the user ID is in it. If it is, add 1 to the number of fails. If is not, add them.
Do a continue if new number equals 3, and start a helper, that will add the user to the high risk group, writing to a table with the user ID and the time of adding.
Have another flow on a timer running every X minutes, sending all users from the second table to a helper flow. Check current time equals to added to table time plus 60 minutes. If true, remove user from group, delete row.
Hopefully this gives you a starting point on implementing/testing this.