Workflows for Identity Threat Protection with Okta AI

Early Access release

When Identity Threat Protection with Okta AI uncovers a risk and the remediation event requires additional actions beyond universal sign-out, you can configure your Entity risk policy to automatically run a delegated workflow.

The third-party apps and services provided through Okta Workflows connectors provides you with numerous possible remediation actions:

  • Notify users or administrators through Slack or email
  • Deactivate a user
  • Remove a user from a privileged group
  • Move a user to a new restricted group
  • Quarantine a device
  • Submit an incident ticket to a queue

You can configure different flows for different risk scenarios, based on your requirements.

In addition, you can use the Custom API action cards included in nearly all connectors to create custom actions that can interface with any third-party API endpoints.