User16880603318257874714 (Customer) asked a question.
We're using JAMF Connect, and have new users set to change their password at first logon, if users are prompted for JAMF MFA they're not getting a change password prompt so we've put them in a No MFA group for the first logon.
Can we automate a Workflow to remove them from the No MFA group after first logon?
Hello @User16880603318257874714 (Customer) , thank you for contacting Okta Community.
I've brought up your question to our specialized team. It appears that this will be an expensive workflow that would trigger on every sign-in, for all users: User Signed In Attempt event, then you would have to run the Get users Groups, and if "no MFA" run the "Remove user from group".
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
@User16880603318257874714 (Customer) -- I am not entirely certain which Event you are seeing triggered in this scenario. However, I am going to assume it is: user.authentication.sso
As Diana mentioned previously having an event hook against user.authentication.sso is typically not considered a good use case as it is extremely busy event. However, if this is the event AND it is limited to a specific condition like JAMF it might be viable using Event Hook Filtering.
With Event Hook Filtering enabled (Pretty sure it is still EA) it provides an additional step in Workflow > Event Hooks creation process that allows a limited subset of Event Attributes to be filtered against allowing you to limit the event firing to a subset of the total.
So for example user.authentication.sso you could limit it to a specific target.id (so a specific application Id) and ONLY if it was a successful login. There are possibly a few other of the filterable attributes that could be leveraged to further narrow it.
This would at least limit it to SSO connects to a specific application and not ALL applications greatly reducing the repeated processing.
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
May Okta Community Buzz
Stay ahead of the curve with Okta for AI Agents, new Okta Learning live sessions and labs, shout-outs, and top trending topics—all aimed at enriching your Okta journey.
@User16880603318257874714 (Customer) -- I am not entirely certain which Event you are seeing triggered in this scenario. However, I am going to assume it is: user.authentication.sso
As Diana mentioned previously having an event hook against user.authentication.sso is typically not considered a good use case as it is extremely busy event. However, if this is the event AND it is limited to a specific condition like JAMF it might be viable using Event Hook Filtering.
With Event Hook Filtering enabled (Pretty sure it is still EA) it provides an additional step in Workflow > Event Hooks creation process that allows a limited subset of Event Attributes to be filtered against allowing you to limit the event firing to a subset of the total.
So for example user.authentication.sso you could limit it to a specific target.id (so a specific application Id) and ONLY if it was a successful login. There are possibly a few other of the filterable attributes that could be leveraged to further narrow it.
This would at least limit it to SSO connects to a specific application and not ALL applications greatly reducing the repeated processing.