Okta Workflows Webhook Example
Last updated: 8/2023
Okta Workflows provide a flexible and extensible platform for orchestrating common operations within an Okta environment. Now with the new Oort Webhooks feature, you can combine the power of Oort identity analytics and Okta Workflow automation to accomplish numerous things.
This article provides a basic example of how to use Oort webhook destinations with Okta Workflows.
This article assumes the following:
General familiarity with the Okta Workflows platform
An Okta tenant capable of supporting the Workflows module (not a Developer tenant)
Additional downstream or adjacent platform integrations in Okta Workflows, such as Slack, Microsoft 365, ServiceNow, etc.
Okta Super Admin role
This example traces the following design:
Creation of an API Endpoint in Okta Workflows for ingesting Oort notification events
Parsing of the JSON event message, including event type, criticality, and list of users failing
Invoking a For Each function for each user listed in the notification, which invokes a Helper flow to evaluate specific logic and perform certain actions
Sending a Slack message with the output of the failed check notification
Oort has exported the Okta Workflows for this example, which can then be imported into your Workflow console for review and testing.
Create a new flow and provide a suitable name for it
Add several List actions to convert the JSON strings to text, for later use in the workflow.
At this point, it's useful to Save this flow and create a 2nd flow of type Helper to execute specific actions for each failing user, referenced in the next step. See the Helper Flow section. This will act as a placeholder.
Additional actions for the primary API flow are added at this point. This includes
Using Compose Text to create a message block with the Lists created in previous actions
Using the output of the Compose action to send a Slack message to a channel (requires a Slack app connector)
The Demo - Dispatcher Helper flow referenced above is constructed of the following:
The on-demand Helper flow that receives the input of the List - For Each action in the primary API flow
Okta Actions to
Read the Okta user ID based on the email provided
Revoke any existing sessions
Suspend the user
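The following Python model is an added example, not part of Oort's exported flows: it reproduces the API endpoint check and the For Each dispatch outside Okta Workflows so the logic can be exercised against a constructed event before users are suspended for real. The JSON field names, the per-event user cap and the protected-account list are assumptions; only the x-api-client-token header name and the Helper flow step order come from this article.

```python
import hmac
import json
import re

HEADER = "x-api-client-token"   # API key header name given in this article
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
MAX_USERS = 25                  # assumed safety cap on users per event
HELPER_STEPS = ("read_user", "revoke_sessions", "suspend")  # Helper flow order


def handle_webhook(headers, body, expected_token, protected=frozenset()):
    """Return (status_code, actions); actions is a list of (step, email)."""
    supplied = {k.lower(): v for k, v in headers.items()}.get(HEADER, "")
    # Constant-time comparison of the client token.
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        return 401, []
    try:
        event = json.loads(body)
    except (TypeError, ValueError):
        return 400, []
    users = event.get("users") if isinstance(event, dict) else None
    if not isinstance(users, list) or len(users) > MAX_USERS:
        return 400, []
    actions = []
    for item in users:          # the For Each over failing users
        email = item.get("email") if isinstance(item, dict) else None
        if not isinstance(email, str) or not EMAIL_RE.match(email):
            actions.append(("skip_invalid", str(email)))
        elif email.lower() in protected:
            # Never suspend accounts on the protected list (assumed guard).
            actions.append(("skip_protected", email))
        else:
            actions += [(step, email) for step in HELPER_STEPS]
    return 200, actions


# Constructed test event; field names are assumptions, not Oort's schema.
SAMPLE = json.dumps({
    "event_type": "check_failed",
    "criticality": "high",
    "users": [{"email": "alice@example.com"},
              {"email": "breakglass@example.com"},
              {"email": "not-an-email"}],
})

if __name__ == "__main__":
    hdrs = {"X-Api-Client-Token": "constructed-token"}
    print(handle_webhook(hdrs, SAMPLE, "constructed-token",
                         {"breakglass@example.com"}))
```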
Using the API Endpoint Invoke URL and Client Token from above, create a Webhooks notification target in your Oort tenant.
Note:
The auth method should be API Key
You can use the Test Connectivity function to trigger event messages to your webhook
When ready, make sure to enable the Webhook notification target in the specific Check or Checks you want to use it with. You can review this list in the Cisco Identity Insights section.
Execution history is very helpful for troubleshooting your workflow.
You can use the Run button to run the flow with manually input data.
Copy the body of the JSON Parse string from a previously sent test message and use it as the Body input to the Run Test function.
Add a new event type of
Select Expose as Webhook and copy the Invoke URL and Client Token. These will be used in the Oort configuration.
Next add an API Connector - Close action.
Set the status code value to 200. Because the workflow is async and may take time, this will return a value to Oort and allow the action to close on the Oort side.
Next add a JSON Parse action, using the Body from the API endpoint as input. Structure the output fields as shown below. If using the Test Connectivity action in Oort to test the API endpoint and workflow, the specific event message sent will be:
In this example, we want to invoke a Helper workflow named Demo - Dispatcher for each user listed in the check failure event message, so a For Each is added to do this. Note that the email address listed is specified as type ITEM.
The API Key name will be x-api-client-token as described in