Data deletion for Workflows

Data privacy is important to Okta, and it aligns with the company's core values.

The following user and organization data can be removed from Okta Workflows by following standard Okta processes.

Users

The following categories of user data are deleted:

Category

Description

Usernames and passwords

Any credentials entered by a user to create a connection with a third-party system, whether the user owns those credentials or not. For example, the username and password needed to access a service account. Reauthenticate any flows that use the deleted credentials.

Tokens and keys

Any access tokens for a third-party system.

Session data

All user session data.

Personally Identifiable Information

All personally identifiable information related to a user is obfuscated, including any name or email data received during the Single Sign-On (SSO) process.

If a user creates the flow, then it isn't deleted using the same Okta standard process for user or organization data. This is especially important for flows that are critical to business. Instead, you can delete a flow manually in the Okta Workflows interface.

Organizations

The following categories of data are removed from the platform:

Category

Description

Users

All user data. See Users.

Flows and flow configurations

All flows and flow configurations.

Files

Any reference to a file that is uploaded, downloaded, or transferred using the platform.

Folders and subfolders

All folder names and descriptions entered by a user are obfuscated.

Organization data

Any data that is related to an organization (for example, Name, Email, or Namespace) is obfuscated.

Tables

Any information that is stored in the platform's Tables feature.

Execution history

Any information that an organization chooses to retain using the Save all data that passes through this flow feature. Data is deleted automatically after the Okta retention policy of 30 days expires.

Common scenarios for deletion of data

Scenario

Action

Additional Information

My company no longer uses any Okta products, and I want our data to be deleted from Okta Workflows.

None.

Data in Okta Workflows is deleted within 60 days of the date of an organization's last contract expiration, in accordance with Okta policy.

The removal of the data is irreversible.

My org is on an EMEA cell and no longer uses Okta Workflows. I want all of our data in Workflows to be deleted.

To trigger this process, create a support request on support.okta.com.

The removal of the data is irreversible.

A Workflows user in my company has left, and I want to remove their access to Okta Workflows.

Remove the user's Okta access.

A user's access to Okta Workflows depends on their status as an active super admin in an org. If you remove the user's access to Okta, they can't access the Workflows platform.

The deletion process is irreversible.

A Workflows user in my company has left, and I want to remove any connections to Okta or third-party applications that they created.

Manage and delete connections in the SettingsConnections page.

If a connection that is being used in a live flow is deleted, then the flow fails. It's recommended to use service accounts to avoid this scenario.

A Workflows user wants to have all their Okta data deleted.

Start the process by completing this form.

User information can't be managed through the Workflows Console. But alternative processes are available.

Related topics

Prepare your organization for GDPR

Okta Privacy Policy