Add a new automation

Add a new automation by configuring its parameters. You must be a super, org, or mobile admin to add an automation. Only super admins can manually change the lifecycle state of another super admin.

Depending on the size of your org, there may be a 24-hour delay between when your automation begins evaluating conditions and when the actions are run.

  1. In the Admin Console, go to Workflow > Automations.
  2. Click Add Automation and enter a name for the automation. Click Save.
  3. Configure the parameters of the default conditions:

    • Click Edit next to Select a schedule, select a time zone, and then configure the time when the automation will run. The default selection is set to Run daily, with a creation time stamp of the local time zone. Time zones can be specified using the country or city names listed in the official Time Zone Database published by the Internet Assigned Numbers Authority (IANA).
    • Click Edit next to Select group membership, and enter one or more groups to which the automation will apply. Click Save. The automation will apply to all members of the group, regardless of whether they are Okta-mastered or AD/HR-mastered.
  4. Configure one or more new conditions. Click Add Condition and select one or both of the following conditions.
    • User Inactivity in Okta: This option looks for active users who have not logged in to Okta for a set number of days. Because application session lengths may vary, this option does not check if the user is active in apps that they log in to through Okta. For this reason, Okta recommends setting the duration to be the same as or higher than the application length configuration. For more information about active user accounts, see About user account status.
    • User password expiration: This option looks for users whose Okta-stored passwords will expire within a set number of days. Users who meet this condition are impacted by the automation only once. To remind the user again as the expiration date approaches, you need to create an additional User password expiration automation. Although this option is not designed to work with your Active Directory integration, it can provide you with limited functionality.
  5. Configure one or more actions to be triggered by the conditions you set. Each action runs independently of the other actions, and actions do not run in any particular sequence. An action is performed only once on the same user within a period of 30 days. Actions are run one time after all conditions are met. The following actions are currently available:
    • Send email to the user: This option enables you to create an email template by using HTML and referencing Okta end user profile attributes within the body of the message. The Subject is required before you can Preview and Save the action. Note that if you don't use HTML, the email does not have any formatting and extra spaces and line returns are not preserved.
    • Change user lifecycle state: This option enables you to change the user lifecycle to Suspended, Deactivated, or Deleted. Users who are manually reactivated or unsuspended must log in or they will be impacted by the next automation cycle. Setting the Change user lifecycle state in Okta to Deleted is irreversible.
  6. Select Activate from the Inactive/Active drop-down.

    The Activate option becomes available after you configure all the required conditions and at least one action.

    Active automations are run using the configured schedule settings for that automation. An automation does not perform the same action on the same user for a period of 30 days. To edit an automation, deactivate it first.
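
Because setting the lifecycle state to Deleted is irreversible, it helps to preview which users the group and inactivity conditions would select before you activate the automation. The following dry run is an added example, not Okta's code: the record fields (`id`, `status`, `lastLogin`, `groups`), the `last_actioned` bookkeeping map, and the choice to set aside users who have never logged in for manual review are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

COOLDOWN = timedelta(days=30)  # same action is not repeated on a user for 30 days

def parse_ts(value):
    """Parse an ISO 8601 timestamp such as 2024-01-05T09:00:00Z into aware UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)

def preview_inactivity(users, group, inactive_days, now, last_actioned=None):
    """Sort group members into buckets for a dry run of the inactivity condition.

    last_actioned (hypothetical, kept by the admin) maps user id -> timestamp
    of the last time this action ran on that user.
    """
    last_actioned = last_actioned or {}
    cutoff = now - timedelta(days=inactive_days)
    report = {"match": [], "cooldown": [], "never_logged_in": []}
    for user in users:
        if group not in user["groups"] or user["status"] != "ACTIVE":
            continue  # outside the selected group, or not an active user
        if user["lastLogin"] is None:
            report["never_logged_in"].append(user["id"])  # assumption: review by hand
            continue
        if parse_ts(user["lastLogin"]) > cutoff:
            continue  # logged in within the configured window
        prior = last_actioned.get(user["id"])
        if prior is not None and now - parse_ts(prior) < COOLDOWN:
            report["cooldown"].append(user["id"])  # acted on less than 30 days ago
        else:
            report["match"].append(user["id"])
    return report

# Constructed sample data, not taken from a real org.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
USERS = [
    {"id": "u1", "status": "ACTIVE", "lastLogin": "2024-01-10T08:00:00Z", "groups": ["Contractors"]},
    {"id": "u2", "status": "ACTIVE", "lastLogin": "2024-05-28T08:00:00Z", "groups": ["Contractors"]},
    {"id": "u3", "status": "SUSPENDED", "lastLogin": "2023-11-01T08:00:00Z", "groups": ["Contractors"]},
    {"id": "u4", "status": "ACTIVE", "lastLogin": None, "groups": ["Contractors"]},
    {"id": "u5", "status": "ACTIVE", "lastLogin": "2024-02-01T08:00:00Z", "groups": ["Contractors"]},
    {"id": "u6", "status": "ACTIVE", "lastLogin": "2023-12-01T08:00:00Z", "groups": ["Employees"]},
]
LAST_ACTIONED = {"u5": "2024-05-20T00:00:00Z"}

if __name__ == "__main__":
    print(preview_inactivity(USERS, "Contractors", 90, NOW, LAST_ACTIONED))
```

Review the `match` bucket against the users you expect before selecting Activate, and decide separately how to handle accounts in `never_logged_in`.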