Take action on user identities with time-based conditions

Summary

Problem: To maintain high quality data, proper data integrity and operational efficiency, take specific actions on user identities based on specific time-based conditions. For example, in the case of user inactivity, trigger a password reset for customers who haven't logged in for 180 days, or notify an admin when a customer remains in a specific state for longer than a prescribed number of days.

Solution: On a regular cadence, query for users who meet a specific condition and perform an action such as a profile update or a send a notification.

Example Applications: Gmail, Office 365 mail, or API-driven email such as SendGrid for sending end user notifications. Okta connector for other actions.

Sample Flow 1

Sample Flow 2

Guidelines and limitations

  • There is no native Okta API for inactivity or password expiry. Users profiles must be individually retrieved and filtered by the Workflows engine. Workflows system-wide limits may apply. See Learn about Workflows best practices and limits.

  • There is no connector available to send native Okta emails. To send end user notifications, a third-party email provider must be used.