Take action on user identities with time-based conditions
Summary
Problem: To maintain high quality data, proper data integrity and operational efficiency, take specific actions on user identities based on specific time-based conditions. For example, in the case of user inactivity, trigger a password reset for customers who haven't logged in for 180 days, or notify an admin when a customer remains in a specific state for longer than a prescribed number of days.
Solution: On a regular cadence, query for users who meet a specific condition and perform an action such as a profile update or a send a notification.
Example Applications: Gmail, Office 365 mail, or API-driven email such as SendGrid for sending end user notifications. Okta connector for other actions.
Sample Flow 1
Sample Flow 2
Guidelines and limitations
-
There is no native Okta API for inactivity or password expiry. Users profiles must be individually retrieved and filtered by the Workflows engine. Workflows system-wide limits may apply. See Learn about Workflows best practices and limits.
-
There is no connector available to send native Okta emails. To send end user notifications, a third-party email provider must be used.