Okta Automations enable you to quickly prepare and respond to situations that occur during the lifecycle of end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using apps to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. who are assigned to an Okta group. This helps improve efficiency and satisfaction among employees, partners, and contingent workforce. For example, automation can help for inactivity lockouts. If a user has been inactive for a set number of days and is on the verge of being locked out, you can use an automation to alert the inactive user in advance.
You set up an automation by defining the following items:
- Conditions — The criteria that triggers Okta to perform actions upon a group of end users. For each automation, you can choose one condition to apply to one or more groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups.. Conditions can be scheduled to run once or to recur daily.
The following conditions are currently available:
- User inactivity in Okta
- User password expiration in Okta
These conditions are triggered according to a schedule and can be applied to one or more groups. Conditions are mandatory for automations on recurring schedules.
- Actions — The actions that you want Okta to perform when the scheduled conditions are true. The following actions are currently available:
- Send email to the user
- Change user lifecycle state in Okta
You must be a super, orgThe Okta container that represents a real-world organization., or mobile adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. to add automations.
Note: You can't use automations to change the user lifecycle state of a super admin. To prevent accidental deletions, Okta requires a super admin's lifecycle state to be changed manually by another super admin.
- In the Admin Console, go to Workflow > Automation.
- Select the Automations tab, and then click Add Automation.
- Enter a name for the automation, and then click Save. Screenshot
- Configure the following conditions.
Click Edit to select the schedule for the automation, and then click Save. The default selection is set to Run Daily, with a creation time stamp of the local time zone. For time zones, country or city names mentioned in the official Time Zone Database published by the Internet Assigned Numbers Authority (IANA) are admissible. The following options are currently available.
Specify the time and time zone for when the automation should run. Screenshot
Specify the date, time, and time zone for when the automation should run. Screenshot
Click Edit to select one or more groups to which the automation should apply, and then click Save. Note that the automation will apply to all members of the group, regardless of whether they are Okta-mastered or AD/HR-mastered. Screenshot
- Configure one or more conditions based on user state, attributes, or behavior.
At least one condition must be configured to trigger a workflow action.
Click Add Condition and select one of the following currently available conditions.User Inactivity in Okta
This option looks for active users who have not logged into Okta for a set number of days. Note that this option does not check if the user is active in apps that they log into through Okta because application session lengths may vary. For this reason, Okta recommends setting the Duration in the User Inactivity condition to be the same as or higher than the application length configuration.
- Configure one or more actions to be triggered by the conditions you set. Each action is executed independently from the other actions and does not run in any particular sequence. All actions are run once all conditions are met.
The following actions are currently available:Send email to the user
This option enables you to create an email template by using HTML and referencing Okta end user profile attributes within the body of the message. The Subject is required before you can Preview and Save the action. Note that if you don't use HTML, the email does not have any formatting and extra spaces and line returns are not preserved. Screenshots
- Select Activate from the Inactive/Active drop-down.
The Activate option becomes available after you configure all the required conditions and at least one action.
After an automation is moved to the Active status, it is executed according to the schedule settings configured for that automation. If you want to reconfigure an automation, you need to deactivate it first.
Note: Depending on the size of your organization, there may be a 24-hour delay between when your automation begins evaluating conditions and when the actions are executed.