Hi everyone!

I'm currently stuck trying to build an exit condition into my workflow.

The goal is to get device scoped to a static group in Jamf Pro so a policy can execute on the device. And then to use an exit event that I define from Okta System Log to trigger automation to remove that device/s from the static group. The events to look for would need to only be AFTER the trigger, for success signins to either Okta OIDC App ID *1 OR Okta OIDC App ID *2.

For some context the below is already done and confirmed working:

1. Triggers when an Okta user's password is reset.
2. Grabs the Okta username.
3. Connects to Jamf Pro API to find all devices associated with the Okta username.
4. Use List - For Each to process each individual device ID into just the device ID number i.e "22, 23" and then process each one with an Add to Static Group - Jamf card.

The above works fine but the tricky part is the exit condition. So for my logic is as follows:

1. Use a table to track UUID, Username, Device ID/s, PasswordChangedTimestamp, CompletionTimestamp, Status.
2. Right after the trigger use the Time - Now card to anchor the beginning PasswordChangedTimestamp

I'm having a bit of an issue putting together things from here. I have a "List - For Each" card processing deviceIDs and would technically need to overlap its function to push out those deviceIDs into the sheet. Those devices would then need to be tracked in a way that if they trigger again those UUIDs should be separate from the previously so there's no overlap. As well as automation needs to be able to handle tracking multiple instances at once i.e other devices with failover criteria if running for 3 days then it should end the workflow and clear out the entries from the sheet. That same clearing should happen at the end of successful exit.