JacobD.07175 (Customer) asked a question.
I have created a workflow that has an Okta "User Sign In Attempt" as the first step. When I log in with a suspended user, I get the generic error below (some attributes omitted or changed).
I would like to send an email to the suspended user explaining the issue, and telling them what they can do. Is this possible?
{
"_error": true,
"retry_count": 0,
"flo": 703070,
"method": "_GWD0Ir3P",
"execution": "xxxxxxx-04xx-4fee-9549-0b11xxx132a4",
"module": "okta.readUser",
"kind": "HTTP Request Error",
"statusCode": 404,
"headers": {
"accept-ch": "Sec-CH-UA-Platform-Version",
"date": "Fri, 10 May 2024 19:09:38 GMT",
"x-content-type-options": "nosniff",
"strict-transport-security": "max-age=315360000; includeSubDomains",
"set-cookie": [
"sid=\"\";Version=1;Path=/;Max-Age=0",
"autolaunch_triggered=\"\"; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/",
"JSESSIONID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxA5E9078DAFFC6; Path=/; Secure; HttpOnly"
],
"x-rate-limit-limit": "6000",
"p3p": "CP=\"HONK\"",
"x-okta-request-id": xxxxxxxxxxxxxxxxxx4790efd25xxxxxxxxxxxxxxx",
"x-rate-limit-reset": "1715368186",
"x-rate-limit-remaining": "5998",
"transfer-encoding": "chunked",
"connection": "keep-alive",
"x-xss-protection": "0",
"content-type": "application/json",
"cache-control": "no-cache, no-store",
"expires": "0",
"server": "nginx",
"vary": "Accept-Encoding",
"referrer-policy": "strict-origin-when-cross-origin",
"pragma": "no-cache",
"content-security-policy-report-only": "frame-ancestors 'self'"
},
"body": {
"errorCode": "E0000007",
"errorSummary": "Not found: Resource not found: unknown (User)",
"errorLink": "E0000007",
"errorId": "oaenBcY0i5FQtyzla_CI13kJA",
"errorCauses": []
},
"message": "404 Not Found",
"code": 404,
"description": "HTTP Request Error",
"steps": 8,
"source": {
"flo": "okta:1.0.628:hTTPRequest",
"method": "STX942N7AZy",
"execution": "xxxxxx-4294-xxxx-8766-xxxxxxxxxxxxxx",
"module": "http.call"
},
"_fatal": null
}
@JacobD.07175 (Customer) -- The Error provided here doesn't match up with the use case you described.
This error indicates you leveraged a Okta "Read User" card with a userID that is not valid for an existing user.
This can be determined from:
"module": "okta.readUser",
With an API Error response of:
"body": {
"errorCode": "E0000007",
"errorSummary": "Not found: Resource not found: unknown (User)",
"errorLink": "E0000007",
Suspended users can still have a "Read User" action against them. It is essentially just an API call to /api/v1/users/userId
When a suspended user attempts to login it starts a user.session.start
This event will provide the alternateId of the user attempting to login which can typically be directly leveraged through a "Read User" card to pull their profile attributes.
One thing of note the key:value of FAILURE: VERIFICATION_ERROR may not be limited to just suspended users but not properly logging in or failing MFA is a different value.
What this means is you likely are not going to want to leverage the built in Event card - Okta - "User Sign In Attempt" (user.session.start). Instead you will want to utilize the API Connector card paired with an Okta Core Event hook with Event Hook Filtering so you can filter to only the VERFICATION_ERROR + user.session.start
https://developer.okta.com/docs/guides/event-hook-filtering/main/
Doing this should allow you narrow the usage of the flow down to what you are targeting.