Workflows for Identity Threat Protection
When Identity Threat Protection with Okta AI uncovers a risk, the remediation event may require additional actions beyond terminating user sessions and token revocation. In this situation, you can configure your entity risk policy to automatically run a delegated workflow.
The third-party apps and services available through Okta Workflows connectors provide you with numerous possible remediation actions:
- Notify users or administrators through Slack or email
- Deactivate a user
- Remove a user from a privileged group
- Move a user to a new restricted group
- Quarantine a device
- Submit an incident ticket to a queue
You can configure different flows for different risk scenarios, based on your requirements.
In addition, you can use the Custom API action cards included in nearly all connectors to create custom actions that can interface with any third-party API endpoints.