Step 2: Learn about the flow template

The Flow Chart is a high-level view of the template. Each icon represents an event, an action, or a function.

Flow Chart

User Assigned to Application

The event card is User Assigned to Application. This means that the flow is triggered whenever a user is assigned to the designated application in Okta. If you’ve already connected your Okta accounts, click Choose Connection and select the one you want to use. If you haven’t connected an account, see Authorization.

Whenever this flow is triggered, the event card will generate the following values as output:

  • ID: unique identifier for the AppUser, Okta User, or AppInstance
  • Alternate ID: userName for the AppUser or Okta User, or the customizable AppInstance name for an Application
  • Display Name: name of the AppUser or Okta User, or the default application name for an Application
  • Type: User, AppUser or AppInstance

For details, see User Assigned to Application.

Search Users

The first action card is Search Users. If you’ve already connected your Salesforce accounts, click Choose Connection and select the one you want to use. If you haven’t connected an account, see Authorization.

The output of the event card is used to search users in Salesforce. The AppUser’s Alternate ID is mapped from the Okta event card to the Username input field on the Salesforce card. If the user is found in Salesforce, their Salesforce User ID and Is Active? status will appear in the Result fields.

Read User > Lookup > Lookup > Create User

This branch of the flow is part of the If/Else function. If the User ID is null in the Search Users card, the user does not exist in Salesforce.

The Read User card fetches the entire Okta User output.

The first Lookup card checks the user’s department and assigns a Salesforce profile. You can change the mapping and edit the assignments, but remember that in an Okta profile, Department is case sensitive.

The second Lookup card assigns Salesforce feature licenses. You can change the mapping and edit the assignments, but remember that in an Okta profile, Department is case sensitive.

The Create User card generates a new Salesforce user ID based on the Read User output (First Name, Last Name, Username, and Email) and the Lookup output (Profile and Feature Licenses).

Continue If > Activate User

This branch of the flow is part of the If/Else function. If the User ID is not null in the Search Users card, the user already exists in Salesforce. The flow then determines whether the user is active.

If the Is Active? field is False, the flow continues to the Activate User card.

If the Is Active? field is True, the flow generates an output message of User was found active.

Next steps

Step 3: Trigger the flow in Okta