Available Workflows templates

The following is a list of currently available templates. Each template links to its respective GitHub documentation page and supporting resources.

To get started with one or more of these templates, see Add a template to your Workflows environment.

If you have an idea for a new Workflows template, visit Okta Ideas to submit your suggestion.

The following tables are organized based on the primary connector used in the template:

Okta and Auth0

Connector

Template

Description

Okta

Assign group memberships temporarily based on time

Grant membership to an Okta user group for a limited time. For example, a group that gives auditors access to applications, but revokes access after 30 days. Another example might be a temporary development project that developers need to access.

Okta

Audit Okta admin roles and last sign in to the Admin Console.

Periodically auditing admin access to your Okta org can help to ensure that users have the correct admin roles. Auditing also helps to identify users who may no longer need admin access based on activity. This template identifies all admin users (users assigned to the Admin Console) and writes their information to a table, including admin role assigned and last Admin Console access.

Auth0

Close abandoned accounts

Abandoned accounts are less likely to have strong passwords and multifactor authentication. This template illustrates how Okta Workflows can be used to enhance your application's overall security by removing these abandoned accounts. Use this template to automatically alert inactive users about account expiration and then remove any users from Auth0 if the accounts remain inactive.

Okta

Google Drive

Create a report on multiple Okta events

There are scenarios where you need to use multiple events for a singular purpose. Instead of creating and maintaining separate copies of each flow, you can use helper flows and tables to limit repetition in your flows. This template demonstrates a simple pattern for creating a daily report of user attributes from three Okta events: User Created, User Okta Profile Updated, and User Deactivated. The template then uploads a daily report to Google Drive through a scheduled flow that runs every midnight.

Okta

Detect and respond to MFA Fatigue attacks

Multifactor authentication (MFA) fatigue is a technique used by attackers to flood a user's authentication app with push notifications. If they accept a push notification, the attacker gains entry to an account or device. These templates provide a means to detect and respond to active attacks against your Okta org.

Okta

Detect suspicious MFA push notifications

This template uses an event hook that triggers the flow when Okta Verify sends a push notification.

This flow checks the geolocation (city, state, and country) of both the sign-in request (source) and the successful Okta Verify push (destination). If the city is different, the flow continues to gather information for a security team investigation.

You can easily modify this flow to notify other downstream applications based on business needs.

Okta

Encourage stronger MFA adoption

This template encourages Okta end users to enroll a stronger factor with their account by monitoring the enrollment and use of SMS as a factor.

Okta Identity Governance

Enable a grace period for Identity Governance Access Certification

During an access certification, some organizations might allow for revoke decisions. Some campaigns implement a grace period where end users retain access to the resource for a period before their access is revoked. This template enables this configuration for a campaign, applying the revoke decision at a future date. The date is determined according to the number of days granted as a grace period.

Okta

Google Forms

Microsoft Forms

Postman

Form submission to Okta Workflows API endpoint

Various cloud platform services allow IT administrators and developers to configure forms that send a POST operation to a URL endpoint. Okta can use the data sent by the operation to the Workflows API Endpoint to onboard or offboard employees, add or remove users from Okta groups, or use any configured Workflows connector. This template demonstrates how to complete these tasks using Postman, Google Forms, or Microsoft Forms.

Okta Realms

Generate reports for Okta Realms

This template generates a comprehensive report of all Okta Realms created within an Okta org. It includes detailed information on user assignments to each realm, providing a clear overview of user distribution and realm configurations.

Okta

Generate unique usernames with user import inline hooks

IT administrators need to have a unique Okta username to add a new hire within an organization. This template uses inline hooks and Workflows to check to see if the imported user exists within the Okta Universal Directory. If the user exists, the template increments the username to make it unique. For example, jessiedoe1@example.com.

Okta

Hardening customer verification with email factor challenge

Hardening customer identity authentication is critical to improving security and avoiding fraud, and creates two interesting challenges. First validating the identity of the customer beyond traditional static password-based authentication to include a reliable Time-based One-Time Password (TOTP). Second, continuing to provide a frictionless experience without compromising security.

Okta

Identify inactive Okta users

Using specific criteria to identify inactive users, this template determines whether your Okta tenant has stale accounts missed by a manual deprovisioning process. For example, removing stale accounts allows you to free up expensive application licenses for other users.

This template searches for all users in an Okta tenant whose last sign-in timestamp was before a certain date, and then writes information about those users to a Workflows table. You can export the data in the table to a downloadable CSV file, or send it as an attachment to an email for periodic reporting. You can also extend this template to suspend inactive users.

Okta

Slack

Identify inactive third-party users

Identifying inactive users of SaaS applications managed within Okta is a great way to maintain a principle of least privilege. By searching for inactive users (based on previous sign-in data), you can perform any remediation actions required by your company policies. This information also shows what expensive application licenses aren't in use and can be canceled or reassigned.

This template searches for users of a given application who haven't signed in during a specified time window and adds those users to an Okta group.

Okta Identity Governance

Google Sheets

Implement backup of Okta Identity Governance application entitlements with Okta Workflows

The Entitlement Management feature of Okta Identity Governance allows you to create, store, and manage app entitlements for the users in your Okta org. Entitlement Management ensures that users in an org have the right permissions for each resource.

This template stores a copy of your entitlements to a Google Sheets document for backup purposes. You can run the flow on demand, or you can configure it to run periodically. You can monitor or troubleshoot changes to entitlements, or backup and automate responses to specific events.

Okta

Implement log streaming with Okta Workflows

This template focuses on implementing log streaming and Okta Workflows to capture specific event types from the Okta System Log. Log streaming enables the export of System Log events in near real-time to platforms like Amazon EventBridge or Splunk Cloud. You can use this functionality for monitoring suspicious activity, automating responses to specific events, or troubleshooting.

Okta

Initiate a flow with an API endpoint

Okta Workflows is a powerful tool to implement custom business logic. Instead of creating an object directly in Okta (for example, a user, application, or group) using REST APIs, you can send the object request along with its JSON payload to Workflows. Then you can implement custom business logic to check for existing objects in Okta or to reach out to a third party to verify data. Based on the results of the dynamic logic, Workflows decides on actions and provides flexible processing options.

Okta

Introduction to Custom API Actions

Sometimes a connector doesn't meet your needs because of a missing action. With the Custom API Action method, you can get around this limitation by making a generic HTTP request to any of the connectors that Workflows has available. This flow uses a custom Role attribute as part of an Okta user profile. If the user is created with a Support role attribute, the user is added to the HELP_DESK_ADMIN role in Okta.

Okta

Slack

Introduction to lists and helper flows

A great deal of data exists in list format, such as user or application objects. Okta Workflows allows you to process lists in a comprehensive manner using helper flows to operate on each member of the list. There are various ways to process a list. Performing a discrete action on each item without returning anything to the parent flow is common. You can also keep a cumulative output of each item iteration that can be returned to the parent flow. There are many other List operations. See Parent flows and other flow types.

Helper flows are simply subroutines that exist as a separate flow but can only be called from a main or parent flow. Helper flows are useful not only for processing lists, but also for reusing code, evaluating team contributions, and cleaning up code.

Auth0

Link new users to existing accounts based on email

This template illustrates how Okta Workflows can streamline customer identity management by automatically linking duplicate customer accounts in Auth0. This template checks the email address for every new user that signs in to your website against your existing user base. If a duplicate is found, the template automatically links the user's two Auth0 accounts.

Okta

Make API requests with the HTTP Request card

Many organizations that integrate with web services need to use a secured HTTPS endpoint to invoke a SaaS application or an on-premises API secured through an API gateway. This flow illustrates the use of the Okta Workflows HTTP Raw Request card for GET and POST operations with some sample content. It also illustrates how to process JSON using various Workflows cards.

Okta

Manage Okta group membership based on profile attributes

In many organizations, a set of Okta group memberships are determined based on job codes or more generally, by user profile attributes to implement role-based access control (RBAC). This flow illustrates group assignment based on user profile attributes.

Okta

Slack

Monitor unsuccessful phishing attempts

This template uses an event hook that triggers the flow when a phishing attempt is unsuccessful. The flow sends the IP address of the phishing site and the affected user to a Slack channel for further investigation.

Okta

New user registration

In Customer Identity and Access Management (CIAM) use cases, many business units, locales, and brands may require distinct user management operations. This template demonstrates how to implement custom processing of the registration context.

Okta

Slack

Notify a user when their profile is updated

A user profile may be updated for many reasons: a scheduled change by HR, a change to personal information, or another automated change. However, can you always be sure that the data in the user profile is accurate and updated legitimately by the user or an authorized admin? This flow allows you to send a message (for example, through email or Slack) to notify the user of a profile update. Then they can review and confirm those changes.

Okta Identity Governance

Okta Identity Governance - Access Certification Campaign Examples

These example flows show you how to create Okta Identity Governance Access Certification campaigns. A campaign can target a particular resource, such as an app or group, or a particular set of users, with or without entitlements.

The examples also demonstrate how to use various reviewer types and the Okta Expression Language (OEL).

Okta

Gmail

Pre-enroll users in SMS multifactor authentication before activation

User activations typically allow users to choose and enroll in an MFA factor when they sign in for the first time. Improve your security posture by validating the user's identity during sign-in. Users can be enrolled in the SMS factor using the profile phone number from Active Directory or the HR system. This flow automates this process and verifies that the user is authorized to receive an activation notice and can access their company's resources.

Okta

Quarantine an Okta user by sending a webhook to Workflows

Acting on compromised accounts helps increase the security posture of any organization. External systems like Splunk constantly analyze data, searching for specific patterns that could indicate a compromised account. If an account is identified, organizations could quarantine the account and prevent further access to critical applications.

When exposed as a webhook, external systems can invoke this flow to help incident response efforts, by adding the user to a quarantine group. This quarantine group is associated with individual application sign-on policies to deny access. At the end of the flow, Okta clears the user session, forcing the user to reauthenticate. The user is now limited to only the applications that aren't associated with the quarantined event.

This flow could be extended to notify the end user, managers, or administrators through emails, text messages, or collaboration tools such as Slack or Microsoft Teams.

Okta

MuleSoft

Reference an on-premises LDAP

This template is an example of referring to an LDAP repository to perform a generic search within Okta Workflows. It can be modified and applied to any sort of repository such as an SQL database. This example uses the MuleSoft Anypoint platform to host the API Endpoint consumed by Okta Workflows.

Okta

Remote sync

Many CIAM customers have multiple user stores that need to be maintained until legacy systems are decommissioned. When the identity information sourced in Okta changes, these attributes need to be synchronized downstream. This template provides an easy-to-implement, fully customizable method to update a remote system with CRUD (create, update, and delete) operations.

Okta

Slack

Report suspicious activity

This template provides an end user with the option to report unrecognized activity from an email notification about account activity. When end users receive a security email notification, they can send a report by clicking Report Suspicious Activity. Once they review the activity, they can confirm and complete the report.

Okta

Google Workspace

Office 365 Admin

Zoom

Reset user Sessions in Okta, Google Workspace, Office 365, and Zoom

Revoking a user's IdP and application sessions in a timely manner is a crucial part of responding to security-related events. This template provides an example of how to revoke user sessions in Okta, Google Workspace, Office 365, and Zoom. The template uses a single flow that is triggered as a helper flow. This helper flow is useful with events such as:

  • An Okta user being suspended

  • An Okta user reporting suspicious activity

  • An Okta admin performing a password reset on a user

  • An Okta admin triggering a delegated flow

Okta

Gmail

Slack

Send notifications for a breached password event

This template provides a sample flow to notify users when their credentials have appeared in a list of breached credentials. The Okta System Log records this as a breached password event.

The template uses an event hook to trigger an API endpoint and start the flow. It then composes a notification message and sends it to your user through the Gmail and Slack connectors. These connectors are only provided as an example notification method. You can adapt the template to meet your specific business processes and applications.

Okta

Suspend inactive users

In many organizations, users retain their access for longer than necessary. You may be working with a contractor who needs access to a single app or your offboarding policies aren't adequate for an ex-employee. For example, when a user hasn't signed in for months and you want to suspend them until you're notified that they do actually need access. You want to implement such a policy as part of a strong security posture. This flow reads all active users in your environment, and if they haven't signed in within the past six months (180 days), suspends them.

Video: Suspend Inactive Users

Okta

Temporarily exempt users from MFA

Employees often lose and replace their mobile phones. You can give a user temporary access to reset a secondary authenticator. Do this by scoping a user to a less strict authentication policy until they have a device that complies with high assurance sign-on policies. This template exempts an Okta user from MFA policies for a predefined period.

Video: Temporarily exempt users from MFA

Okta

Slack

Tracking and alerting for possible account takeover attempts in Okta

Account takeover is a significant target for fraud, achieved when bad actors manage to reset passwords or change access levels for privileged accounts. Dynamically monitoring and responding to these two vectors with automated flows greatly reduces the risk of these costly attacks. This template illustrates how Okta Workflows can automate responses to combat account takeover (ATO) attempts. The template also illustrates how to mitigate risk with self-service and helpdesk-based account recovery. The template watches for user password and MFA factor reset and activation events to determine if the user's account is under threat of an ATO.

Okta

Slack

Trigger automatic notifications when all MFA factors are reset

Various vectors can cause a reset of all MFA factors: a bad actor, human error, or an IT administrator helping a customer. Timely notifications that enable internal teams to identify next steps is critical for improving security and reducing risk. This template demonstrates how internal teams can be automatically notified when all MFA factors for a user are reset.

Okta

Validate and substitute special characters

When generating technical fields from a user's name, such as samAccountName or an email address, the data often contains invalid characters in the specified data field. For example, a space character inside an email address. This template identifies some of the most common special characters and provides substitutions. The validated or repaired name is then placed in a user profile attribute in Okta. This preserves the original name for display purposes, and allows you to use the updated name for technical purposes.

Okta

Validate email domains during registration

Okta inline hooks allow you to trigger custom processes at specific points within Okta process flows.

The flow in this template is called by an inline hook during the user self-registration process. It uses a Workflows table to enforce email domain validation. If the user's email domain isn't included in the Workflows table allowlist, the registration is denied with an informative error for the user.

Okta

Workflows tutorials

The Workflows tutorials template is a comprehensive guide designed to enhance your experience with Okta Workflows. This resource demonstrates the powerful automation capabilities of flows to both beginners and advanced users. Integrating this template into your Okta preview organization gives you access to sample users and a suite of flows showing the versatility and efficiency of Okta Workflows.

Google

Connector

Title

Description

Gmail

Send a welcome email to a new user of an application

A welcome email is the first impression that an organization makes on a new customer or employee. Welcome emails can deliver a special promotion code, provide information to enhance the user experience, or send a friendly hello. This template demonstrates how a welcome email can be sent automatically to a new user.

Gmail

Google Drive

Send email with attachment

This template demonstrates sending an email using Gmail with an attachment from Google Drive.

Google Drive

Reassign files while deprovisioning with Google Drive

Many organizations that use Google Drive, require a mechanism to transfer the contents of a user's Google Drive to another user, for example when the original user leaves the company. This flow shows how you can transfer the files from the user's Google Drive to the manager and then delete the user.

Google Sheets

Gmail

Create a report with Google Sheets

Many organizations have custom, org-specific needs to report on particular lifecycle events, and share that data with others in the organization. The Okta System Log is powerful but is restricted to Okta admins, and also doesn't allow for scheduled reports. This flow demonstrates building a custom report in an online spreadsheet (using a \"user suspended\" event, and then sharing that report with stakeholders when the event occurs.

Google Sheets

Import users from Google Sheets

When you need to import disconnected user populations, like contractors or specific office locations, a CSV or flat file is the easiest way to create those users in Okta. This flow guides you through how to bring in users from Google Sheets and how to use For Each loops. The flow reads all users in from a specific Google Sheets file and creates them in Okta regularly on Mondays at 06:00 PT.

Google Workspace

Generate unique emails

To onboard users in an organization, IT needs to generate unique email addresses for their end users in downstream applications like Office 365 and Google Workspace. This flow generates the unique email addresses for all the users onboarded into Okta.

Google Workspace

Make a raw HTTP request to G Suite

Our current Google Workspace connector doesn't provide access to all endpoints within the Google Workspace API. The Custom API Action card is also restricted to the directory and licensing API Endpoints. You can use this template to create a raw HTTP request to obtain the scopes you need.

Google Workspace

Gmail

Manage Google Workspace user licenses

This template allows you to disable a user in Google Workspace and then after a specified delay remove their assigned Google Workspace licenses. Another part of the flow reactivates the user and reassigns the previously removed Google Workspace licenses.

Google Workspace

Gmail

Google Calendar

Okta

Offboard Google Workspace users

This template shows you how to perform several tasks in Google Workspace when offboarding a target user.

  • Mailbox delegation
  • Mailbox forward emails
  • Mailbox auto-reply
  • Clear Okta user sessions
  • Remove Google Workspace licenses
  • Remove all user Google Workspace ASPs
  • Remove all user devices in Google Workspace
  • Remove all user access tokens in Google Workspace
  • Deactivate Google Workspace directory user
  • Create Google Drive transfer request
  • Create Google Calendar transfer request

Google Workspace Admin

Password sync for ChromeOS devices

Google ChromeOS is a rapidly growing platform that has many advantages over legacy operating systems. With ChromeOS and Okta you can authenticate to your device using your Okta credentials and keep those credentials in sync with Okta Workflows.

Microsoft

Connector

Title

Description

Microsoft

Execute on-premises PowerShell with Okta Workflows

With Okta, you can execute PowerShell on-premises with a combination of Okta Workflows with Azure Automation. Azure Automation delivers a cloud-based automation service that supports automation across Azure, on-premises non-Azure, and hybrid environments.

This guide gives IT administrators what they need to incorporate PowerShell execution into the user's lifecycle from Okta.

Microsoft

Subscribe to Microsoft alerts and notify admins of potential security issues

You can use a Microsoft alert subscription to manage your security surface across API endpoints, email, collaboration spaces, cloud apps, and user identities.

Microsoft Teams

Activate and deactivate Okta accounts with notifications in Microsoft Teams

This template demonstrates how Okta Workflows can automatically activate and deactivate an Okta user account based on a start or end date stored in the Okta user's profile. The template then sends out notifications using Microsoft Teams.

Office 365 Admin

Create Office 365 guest user accounts

More companies are using multiple Office 365 tenants. This is especially evident in M&A activities. As a result, users need access across multiple tenants. Many are solving the licensing aspect of this issue through a Microsoft Guest account. But automating the creation and management of these users is cumbersome. This flow gets you started creating guest accounts without requiring any code or special infrastructure to host code.

Office 365 Admin

Generate unique emails

To onboard users in an organization, IT needs to generate unique email addresses for their end users in downstream applications like Office 365 and Google Workspace. This flow generates the unique email addresses for all the users onboarded into Okta.

Office 365 Admin

Onboard and offboard with Office 365 Admin

This flow allows you to disable a user in Office 365 Admin and then after a specified delay remove their assigned Office 365 licenses. Another part of the flow reactivates the user in Office 365 Admin and reassigns the previously removed Office 365 Admin licenses.

Office 365 Admin

Sync Okta group membership with Office 365 Unified Groups

This template syncs your Okta group membership with your Office 365 Unified Group using custom profile attributes and Okta Workflows. If you don't have an Office 365 Unified Group, you can create one with the included flow and then use Okta groups to manage the group membership.

Office 365 Mail

Create contractor expiry notifications

Many organizations use contractors in addition to full-time employees. A contractor typically has a date when their current contract is due to expire. This template shows how to proactively notify people within the organization before this date. For example, the contractor's manager, who can potentially renew the employee's contract.

Office 365 Mail

Send Active Directory credentials to a manager

Many organizations use Active Directory to manage user credentials, also known as Active Directory Delegated Authentication. While the Okta integration with Active Directory allows for user provisioning, organizations need a solution to communicate the account credentials to the user. When onboarding new hires, companies may need to set up these accounts ahead of time. However, the user may not have system or email access until the day of joining. In these scenarios, companies can email the account credentials to the user's manager with a one-time password. This flow demonstrates how to identify users who are added to Active Directory using the User Assigned to Application event. The flow then fetches their manager's email address and sends a notification.

Office 365 Mail

Send email notifications with Office 365

This flow sends an email notification with Office 365 when a user is suspended in Okta. It allows administrators to easily track user suspensions. This is a generic notifications template. You can easily swap out both the event or the email provider (to Gmail) based on your notifications use case.

Other third-party connectors

Connector

Title

Description

Adobe Sign

Capture document signatures in Adobe Sign

Many organizations use Adobe Sign to control agreements that dictate which resources users can access. For example, nondisclosure agreements (NDAs), lease contracts, and terms of service (TOS) are common types of resources. This template uses Adobe Sign webhooks to capture when a user signs a document. Okta then takes this information to determine which systems a user can access and their security level.

AWS Lambda

Populate Okta profile attributes using AWS DynamoDB and Lambda

This flow demonstrates how you can enrich a user's profile with associated values that are retrieved from an external table. The flow uses a simple Amazon Web Service (AWS) DynamoDB table, and an AWS Lambda function handles the retrieval of data. This flow uses the AWS Lambda Connector to call the respective Lambda function. This use case is based on a user-entered zip code to retrieve associated values like city, state, and time zone.

AWS SSO

Manage AWS SSO entitlements

The AWS SSO connector allows entitlements (accounts and permission sets) to be added and removed for Okta and Amazon Web Service (AWS) users and groups. The connector works with the AWS SSO SCIM provisioning app that's available in the OIN catalog. The flows in this template are triggered when an Okta user is added to or removed from an Okta group. The Okta group holds the entitlements, and the user is updated accordingly in AWS. There are two examples of how to add and remove entitlements using helper flows and a table.

Box

Office 365 Mail

Reassign files while deprovisioning with Box

This template creates a Box account for a user, creates a folder, and sends a notification email to the user's manager. The flow also transfers a user's Box files and folders to a manager if the user is removed from a specific Okta group.

Darwinbox

Okta

Automate lifecycle management with Darwinbox

These flows outline how Okta Workflows can automate user creation, updates, and deactivation processes, including the automatic update of email IDs in Darwinbox.

DocuSign

Capture document signatures in DocuSign

Many organizations use DocuSign to control agreements that dictate which resources users can access. For example, nondisclosure agreements (NDAs), lease contracts, and terms of service (TOS) are common types of resources. This template uses DocuSign webhooks to capture when a user signs a document. Okta then takes this information to populate an attribute used in managing group and application access.

GitHub

Gmail

Versioning for flows and folders with GitHub

This template allows a flow builder to back up their flows on an on-demand or automated basis to an external system like GitHub or Google Drive. To enable this, Okta created functions to export either a flow or folder and have enhanced our GitHub connector to allow a builder to make commits and open pull requests. There's also a set of templates that can be easily imported into your environment that walks you through exactly how to version both flows and folders.

GoPhish

Capture phishing events from GoPhish

This template listens to phishing events captured by GoPhish. For example, when a user opens an email phishing link, or submits information or credentials to a phishing page. Okta uses this information to change sign-in procedures and reset user credentials upon security events.

Jamf Pro Classic API

Customized conditional access with Jamf Pro and Okta

Set up a fully customizable conditional access flow for your Okta users based on the compliance status of their Apple devices.

Jamf Pro Classic API

Okta

Lock Apple devices upon user offboarding with Okta and Jamf Pro

IT administrators managing a remote workforce can face a real challenge when a remote user is deactivated. IT needs to make sure that all company-related devices can't be used. This flow offers an automated way to remotely lock all Apple devices assigned to a given user in Jamf Pro when the user is deactivated in Okta.

Jamf Pro Classic API

Restart specific Apple mobile devices on a weekly basis

You can use Apple mobile devices as shared devices in scenarios such as meeting room control panels, customer-facing demonstration units, or automated cash machines. These devices need to restart from time to time to install pending updates and Jamf Pro doesn't offer a built-in method to schedule such actions over time.

Jira

Automate account creation from Jira

Onboarding new employees is a complex process that requires information from internal teams and integration with different approval and account creation tools. In addition, businesses may require a new employee to complete an orientation or pass a certification before activating their user account. The complexity of tracking approvals and then activating each user account on a specific date adds overhead for IT admins. Automating this process reduces human error and enhances your security posture. This template provides an example for automating account creation and activation with Okta when triggered by an approved Jira service request.

Jira

Get an Atlassian ID

Many of the actions supported within the Jira connector, such as creating or assigning issues to users, require an Atlassian ID. You can use this helper flow to find a user's Atlassian ID when necessary.

Kandji

Remotely lock all Kandji devices based on security events

IT administrators want to make sure that all company-related devices can no longer be accessed when an employee is off-boarded. This template offers an automated way to remotely lock all Kandji devices assigned to a given user in Kandji when this user is suspended, deactivated, or reports suspicious activity in their account.

Marketo

Add inactive users to Marketo list for remarketing

This template illustrates how Okta Workflows can be used with Marketo to re-engage your customers and drive more visits to your website. The template automatically maintains a list of customers who haven't signed in to Marketo recently. You can then use Marketo to set up a campaign to engage these customers.

Marketo

Create leads in Marketo

This template illustrates how B2C companies can use Okta Workflows to sync customers with Marketo. Using this template ensures that every new user that signs in to your website has a profile in Marketo. This enables you to avoid manual and error-prone imports and immediately engage with new users through marketing campaigns to increase engagement and retention.

Onfido

Create an Onfido applicant

For identity verification, this flow creates an Onfido applicant using a User Created event card for the Okta connector and saves the applicant ID in the user's Okta profile.

OpenAI

Google Drive

Examples of OpenAI prompts

Discover the potential of artificial intelligence with practical example prompts to help guide you through automating tasks, generating creative content, and more. This connector brings OpenAI's advanced capabilities directly into Okta Workflows to unlock new levels of efficiency and creativity in your business processes.

Opsgenie

Gmail

Manage on-call rotations and schedules with Opsgenie

This template helps automate various frequently used tasks in Opsgenie in relation to on-call rotations and scheduling.

PagerDuty

Suspicious activity event alerts in PagerDuty

Okta enables users to report to their org administrators an activity that they don't recognize. Investigating such a suspicious activity report in a timely manner is critical for preventing fraud. This template provides an example for automatically creating an incident in PagerDuty when suspicious activity is reported.

Pendo

Use Okta Workflows for Pendo metadata sync

This flow pushes user profile data from Okta into Pendo Adopt. Pendo recommends this approach for Okta customers, as Okta Workflows can automatically update a user's data in Pendo when information changes in Okta. See Using Okta Workflows for Metadata Sync.

Personio

Implement Anything-as-a-Service (XaaS) with Personio

This template demonstrates how to implement an XaaS model to import records from Personio. The flow requests records from Personio, stores the resulting list of records in a temporary Workflows table, and then creates import sessions and processes the bulk import requests.

Salesforce

Create contact in Salesforce

This template illustrates how B2C companies can use Okta Workflows to automatically sync customers to their CRM solution. When you use this template, every new user that signs in to your website becomes a contact inside your Salesforce account.

Salesforce

Create users in Salesforce

User provisioning, or creating users in a third-party system, is a foundational use case for Okta lifecycle management. To access a system such as Salesforce, a newly created user needs to have an account in that system with the correct profile attributes and entitlements. This flow helps you create a user in Salesforce and assign them a profile based on their department.

Secure Code Warrior

GitHub

Slack

Manage access to GitHub based on Secure Code Warrior assessment status

This flow grants access to a GitHub repository if the user has passed the required Secure Code Warrior assessment. The flow is triggered when the user is assigned the GitHub application.

SendGrid

Password change notification using SendGrid

Security for end users is a major concern for all CIAM customers. Account takeover can be mitigated by notifying an end user when their password has changed, and alerting them if it was performed without their knowledge. Branding this notification across multiple application brands is important. Workflows can act on a password change event and send a customized notice to the end user. The trigger event that initiates the flows is a User Password Changed event in Okta. This occurs whether the user initiates a self-service password change or if an admin sets the password. A customized HTML email template substitutes user and event context dynamically.

ServiceNow

Create ServiceNow tickets for high-risk logins

This template illustrates how Okta Workflows can be used to guard against high-risk customer sign-ins. When a high-risk sign-in occurs, the template automatically creates a ServiceNow incident with relevant information, enabling your security team to respond quickly and mitigate any risk to your site.

ServiceNow

Grant provisioning approvals using ServiceNow

In many organizations that use ServiceNow, a subset of access may require approvals. You may have users provisioned with birthright access when created, but a specific group access needs to be approved before being provisioned. This flow helps you get approvals for such use cases using ServiceNow.

Slack

Invalidate anomalous Slack sessions

This flow is designed for security operations teams to invalidate Slack sessions and notify admins when Slack detects anomalies associated with session hijacking.

The flow periodically checks the Slack Risk Audit API for anomalous events, then filters through the results for specific security interest events. The flow invalidates any Slack sessions associated with an anomalous event.

It's also configured to notify the organization's security operations team or Slack administrator of these events. They can investigate if the user was a victim of an account takeover.

Slack

Send a Slack message with Blocks

This template uses the Block UI framework in Slack to create structured and visually appealing messages. Its flexible design enables you to customize message content and formatting to meet your specific organizational needs.

SmartHR

Implement Anything-as-a-Service (XaaS) with SmartHR

This template demonstrates how to implement an XaaS model to import records from SmartHR. The flow requests records from SmartHR, stores the resulting list of records in a temporary Workflows table, and then creates import sessions and processes the bulk import requests.

Shopify

Automatically sync Shopify customer identity

Consistently maintaining user identity across downstream applications is critical for excellent user experience, compliance, and governance. Automatically provisioning downstream applications based on group membership provides a simple and effective solution. This template provides a blueprint to create, update, and delete Shopify customers based on group membership within Okta.

Twilio

Send SMS through Twilio

This flow demonstrates how you can send SMS messages through Twilio.

VMware Workspace ONE

Capture device security events from VMware Workspace ONE

This template listens to VMware Workspace ONE security events to capture either compromised or out of compliance devices. Okta uses this information to determine user access to systems and their security level.

Yubico

Yubico FIDO Pre-registration

The Yubico FIDO Pre-registration template enables IT administrators to use the Yubico Enterprise API, the Okta WebAuthn API, and the Okta Workflows platform to procure FIDO2 YubiKeys for end users.

The FIDO2 YubiKeys are pre-registered and shipped directly to designated recipients with a unique, randomly generated PIN that is provided separately.

Related topics

Workflows templates

Add a template to your Workflows environment