Data deletion for Workflows
Data privacy is important to Okta, and it aligns with the company's core values.
The following user and organization data can be removed from Okta Workflows by following standard Okta processes.
Users
The following categories of user data are deleted:
|
Category |
Description |
|---|---|
| Usernames and passwords |
Any credentials entered by a user to create a connection with a third-party system, whether the user owns those credentials or not. For example, the username and password needed to access a service account. Reauthenticate any flows that use the deleted credentials. |
| Tokens and keys |
Any access tokens for a third-party system. |
|
Session data |
All user session data. |
|
Personally Identifiable Information |
All personally identifiable information related to a user is obfuscated, including any name or email data received during the Single Sign-On (SSO) process. |
If a user creates the flow, then it isn't deleted using the same Okta standard process for user or organization data. This is especially important for flows that are critical to business. Instead, you can delete a flow manually in the Okta Workflows interface.
Organizations
The following categories of data are removed from the platform:
|
Category |
Description |
|---|---|
| Users |
All user data. See Users. |
| Flows and flow configurations |
All flows and flow configurations. |
|
Files |
Any reference to a file that is uploaded, downloaded, or transferred using the platform. |
|
Folders and subfolders |
All folder names and descriptions entered by a user are obfuscated. |
|
Organization data |
Any data that is related to an organization (for example, Name, Email, or Namespace) is obfuscated. |
|
Tables |
Any information that is stored in the platform's Tables feature. |
|
Execution history |
Any information that an organization chooses to retain using the Save all data that passes through this flow feature. Data is deleted automatically after the Okta retention policy of 30 days expires. |
Common scenarios for deletion of data
|
Scenario |
Action |
Additional Information |
|---|---|---|
| My company no longer uses any Okta products, and I want our data to be deleted from Okta Workflows. |
None. |
Data in Okta Workflows is deleted within 60 days of the date of an organization's last contract expiration, in accordance with Okta policy. The removal of the data is irreversible. |
| My org is on an EMEA cell and no longer uses Okta Workflows. I want all of our data in Workflows to be deleted. |
To trigger this process, create a support request on support.okta.com. |
The removal of the data is irreversible. |
|
A Workflows user in my company has left, and I want to remove their access to Okta Workflows. |
Remove the user's Okta access. |
A user's access to Okta Workflows depends on their status as an active super admin in an org. If you remove the user's access to Okta, they can't access the Workflows platform. The deletion process is irreversible. |
|
A Workflows user in my company has left, and I want to remove any connections to Okta or third-party applications that they created. |
Manage and delete connections in the page. |
If a connection that is being used in a live flow is deleted, then the flow fails. It's recommended to use service accounts to avoid this scenario. |
|
A Workflows user wants to have all their Okta data deleted. |
Start the process by completing this form. |
User information can't be managed through the Workflows Console. But alternative processes are available. |