Okta Automations enable you to quickly prepare and respond to situations that occur during the lifecycle of end users who are assigned to an Okta group. This helps improve efficiency and satisfaction among employees, partners, and contingent workforce. For example, automation can help for inactivity lockouts. If a user has been inactive for a set number of days and is on the verge of being locked out, you can use an automation to alert the inactive user in advance.

You set up an automation by defining the following items:

  • Conditions — The criteria that triggers Okta to perform actions upon a group of end users. For each automation, you can choose one condition to apply to one or more groups. Conditions can be scheduled to run once or to recur daily. The following conditions are currently available:
    • User inactivity in Okta
    • User password expiration in Okta

    These conditions are triggered according to a schedule and can be applied to one or more groups. Conditions are mandatory for automations on recurring schedules.

  • Actions — The actions that you want Okta to perform when the scheduled conditions are true. The following actions are currently available:
    • Send email to the user
    • Change user lifecycle state in Okta

Note: Email automations are not available for paid developer orgs or free trial editions of Okta.

Add a new automation

You must be a super, org, or mobile admin to add automations.

Note: You can't use automations to change the user lifecycle state of a super admin. To prevent accidental deletions, Okta requires a super admin's lifecycle state to be changed manually by another super admin.

  1. In the Admin Console, go to Workflow > Automations.
  2. Click Add Automation.
  3. Enter a name for the automation, and then click Save. ClosedScreenshot

  4. Configure the following conditions.


    Click Edit to select the schedule for the automation, and then click Save. The default selection is set to Run Daily, with a creation time stamp of the local time zone. For time zones, country or city names mentioned in the official Time Zone Database published by the Internet Assigned Numbers Authority (IANA) are admissible. The following options are currently available.

    Run daily

    Specify the time and time zone for when the automation should run. ClosedScreenshot

    Run once

    Specify the date, time, and time zone for when the automation should run. ClosedScreenshot

    Group membership

    Click Edit to select one or more groups to which the automation should apply, and then click Save. Note that the automation will apply to all members of the group, regardless of whether they are Okta-mastered or AD/HR-mastered. ClosedScreenshot

  5. Configure one or more conditions.

    Click Add Condition and select one or both of the following currently available conditions.

  6. Configure one or more actions to be triggered by the conditions you set. Each action is executed independently from the other actions and does not run in any particular sequence. Actions are run one time after all conditions are met.

    The following actions are currently available:

  7. Select Activate from the Inactive/Active drop-down.

    The Activate option becomes available after you configure all the required conditions and at least one action.


    After an automation moves to the Active status, it is executed according to the schedule settings configured for that automation, and then repeated every 30 days. If you want to reconfigure an automation, you need to deactivate it first.

Note: Depending on the size of your organization, there may be a 24-hour delay between when your automation begins evaluating conditions and when the actions are executed.