0D54z0000AH8fURCQZ | Okta Identity Engine | Workflows | Answered | 2024-11-04T21:50:15.000Z | 2024-10-31T21:30:36.000Z | 2024-11-04T21:50:15.000Z

MikeL.53962 (Customer) asked a question.

Okta Workflows - Trigger account suspension in downstream application

Hello community, looking for some guidance on creating a workflow to suspend an account in a downstream application when the Okta identity for the user is suspended. There is no native connector for the application in Okta Workflows, so I believe I'm going to need to use the API connector, for which I have a token; however, I need assistance with the coding. Was posting this to the community to see if anyone has a template and can provide some guidance. Not a strong coder so please bear with me. Thank you!


  • Hi @MikeL.53962 (Customer), Thank you for reaching out to the Okta Community!

     

    Suspending a user in the downstream application would be dependent on the app's API and whether or not it supports such actions. 

    The public references we have typically refer to the Okta user status, not the downstream one. Example:

    Suspend User

    Trigger a flow when a user is suspended in Okta API

     

    I've checked the Workflows Discussion Group as well as the Workflows Templates list on the devforum side and haven't found an example for this particular use case, but you can post your question there to see if someone perhaps has something that helps. 

      

     

    Regards.

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

  • TimL.58332 (Workflows)

    @MikeL.53962 (Customer) -- You will need to refer to the vendor's API documentation.

     

    Typically an API key would require a "Custom" connection with the API Connector. The custom connection provides a Key:Value header pair. It would look something like:

     

    • Authorization
    • Bearer YourKeyValue

     

    Okta, for example, doesn't use Bearer YourKeyValue; it uses SSWS YourKeyValue, which is why it is important to see what their server expects via their documentation.

     

    Then the next step would be to do a simple method GET query to confirm the connection is working. Example URL: https://example.com/api/v1/users/yourUserId for the service. If it returns a payload with your data you know the connection is working.

     

    The next step would be to locate their documentation on how to deactivate/disable/delete, whatever the process you need to do for a specific user account.

     

    For example, to "Deactivate" a user you may need to use the specific user ID, which might be a unique value for their system: xx-543890 or something. Since you don't know what that value is, can you "GET" user data with something you do know, such as "Email"? And if so, does that contain the xx-543890 value you need to use later for the deactivate?

     

    Once you work out that process through your manual testing you can then automate it by leveraging an Event - Okta card monitoring for a specific event type. For example "User Deactivated". Using the card will create an Event Hook in Okta pointing to that specific Workflow. So when a user becomes deactivated the System Log event will be passed via an Event Hook to Workflows. This will inform on who the deactivated user is and can be used to perform the "manual steps" that you successfully tested previously.

     

    If you want something like this scoped, built out, tested for you it would require a Professional Services (PS) engagement. If you are interested in a PS engagement please reach out to your Okta Account Executive.

    • MikeL.53962 (Customer)

      Thanks Tim, appreciate the detailed response. I have reviewed the vendor's API documentation and they use OAuth 2.0 for authentication so I am trying to establish the connection now via the API Connector in Okta Workflows. Once I have the token information in I will try a GET command to see if I get a payload. Next, I see with a PUT command, there is a way to toggle (Boolean attribute) for a "User - Toggle suspended status", which I believe I can set to either false or true. It's just about putting this event and action all together now for this workflow. Thanks again for taking the time to respond.

This question is closed.
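
The flow discussed in the thread (event hook in, lookup by email, PUT toggle out), sketched end to end as an added example; it is not code from the thread, from Okta, or from the vendor. The `/users?email=` search, the `suspended` field, the `send` transport and `FakeVendor` are assumptions standing in for the vendor's documented API, and the hook payload is constructed in the `data.events[].target[]` shape Okta event hooks deliver.

```python
import json
from urllib.parse import quote

BASE = "https://example.com/api/v1"        # placeholder host used in the thread
SUSPEND_EVENT = "user.lifecycle.suspend"   # Okta System Log event type for a suspended user
SAMPLE_HOOK = {"data": {"events": [{"eventType": SUSPEND_EVENT, "target": [  # constructed
    {"type": "User", "id": "00uCONSTRUCTED", "alternateId": "mike@example.com"}]}]}}

def suspended_logins(hook_body):
    """Return the login (alternateId) of each user suspended in an event hook payload."""
    events = hook_body.get("data", {}).get("events", [])
    return [t["alternateId"]
            for e in events if e.get("eventType") == SUSPEND_EVENT
            for t in e.get("target", [])
            if t.get("type") == "User" and t.get("alternateId")]

def suspend_downstream(email, send, token, scheme="Bearer"):
    """Resolve the vendor's own user ID from the email, then set suspended=true.
    `send(method, url, headers, body)` is a hypothetical transport -> (status, json).
    Assumes the Okta login equals the downstream email; `scheme` is vendor-specific."""
    headers = {"Authorization": f"{scheme} {token}", "Content-Type": "application/json"}
    status, matches = send("GET", f"{BASE}/users?email={quote(email)}", headers, None)
    if status != 200:
        raise RuntimeError(f"lookup failed with HTTP {status}")
    # Fail closed: act only when the email maps to exactly one downstream account.
    exact = [u for u in matches if u.get("email", "").lower() == email.lower()]
    if len(exact) != 1:
        raise LookupError(f"expected 1 downstream account, found {len(exact)}")
    user_id = str(exact[0]["id"])
    body = json.dumps({"suspended": True})
    status, _ = send("PUT", f"{BASE}/users/{quote(user_id, safe='')}", headers, body)
    if status not in (200, 204):
        raise RuntimeError(f"suspend failed with HTTP {status}")
    return user_id

class FakeVendor:
    """Constructed in-memory stand-in for the vendor API so the example runs offline."""
    def __init__(self, users):
        self.users, self.calls = users, []
    def send(self, method, url, headers, body):
        self.calls.append((method, url, headers["Authorization"]))
        if method == "GET":
            return 200, list(self.users)   # loose search: may return more than asked for
        uid = url.rsplit("/", 1)[1]
        hit = next((u for u in self.users if u["id"] == uid), None)
        if hit is None:
            return 404, None
        hit["suspended"] = json.loads(body)["suspended"]
        return 204, None
```

In Workflows the same steps map to an Okta event card, an API Connector GET, a check that exactly one record came back, and an API Connector PUT.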