Workflows for Identity Threat Protection with Okta AI
Early Access release
When Identity Threat Protection with Okta AI uncovers a risk and the remediation event requires additional actions beyond universal sign-out, you can configure your Entity risk policy to automatically run a delegated workflow.
The third-party apps and services provided through Okta Workflows connectors provides you with numerous possible remediation actions:
- Notify users or administrators through Slack or email
- Deactivate a user
- Remove a user from a privileged group
- Move a user to a new restricted group
- Quarantine a device
- Submit an incident ticket to a queue
You can configure different flows for different risk scenarios, based on your requirements.
In addition, you can use the Custom API action cards included in nearly all connectors to create custom actions that can interface with any third-party API endpoints.