Oort Knowledge Base
Search
K
Comment on page
🔁

Okta Workflows Webhook Example

8/2023

Overview

Okta Workflows provide a flexible and extensible platform for orchestrating common operations within an Okta environment. Now with the new Oort Webhooks feature, you can combine the power of Oort identity analytics and Okta Workflow automation to accomplish numerous things.
This article provides a basic example of how to use Oort webhook destinations with Okta Workflows.

Assumptions

This article assumes the following:
  • General familiarity with the Okta Workflows platform
  • An Okta tenant capable of supporting the Workflows module (not a Developer tenant)
  • Additional downstream or adjacent platform integrations in Okta Workflows, such as Slack, Microsoft 365, ServiceNOW, etc.
  • Okta Super Admin role

High-Level Design

This example traces the following design:
  1. 1.
    Creation of an API Endpoint in Okta Workflow for ingesting Oort notification events
  2. 2.
    Parsing of the JSON event message, including event type, criticality, and list of users failing
  3. 3.
    Invoking a For Each function for each user listed in the notification, which invokes a Helper flow to evaluate specific logic and perform certain actions
  4. 4.
    Sending a Slack message with the output of the failed check notification

Import Pre-Configured Workflows

Oort has exported the Okta Workflows for this example, which can then be imported into your Workflow console for review and testing.
Oort Workflow demo_2023.09.14.folder
82KB
Binary

Configuration Steps

  1. 1.
    Create a new flow and provide a suitable name for it
  2. 2.
    Add a new event type of API Endpoint
  3. 3.
    Select Expose as Webhook and copy the Invoke URL and Client Token. These will be used in the Oort configuration.
  4. 4.
    Next add an API Connector - Close action.
  5. 5.
    Set the status code value to 200. Because the workflow is async and may take time, this will return a value to Oort and allow the action to close on the Oort side.
  6. 6.
    Next add a JSON Parse action, using the Body from the API endpoint as input. Structure the output fields as shown below.
    If using the Test Connectivity action in Oort to test the API endpoint and workflow, the specific event message sent will be:
{
"version": "0",
"id": "abf0607d-3856-b397-5138-0131ec1b63d7",
"detail-type": "WebhookTest",
"source": "11111111-2222-3333-4444-555555555555__66666666",
"account": "000000000000",
"time": "2023-08-08T13:27:22Z",
"region": "us-east-2",
"resources": [],
"detail": {
"id": "11111111-2222-3333-4444-555555555555",
"checkId": "oort-test-check-id",
"title": "OORT Failing Check Event Test",
"description": [
"description1",
"description2"
],
"recommendedActions": [
"action1",
"action2"
],
"severity": "critical",
"usersFailing": [
"[email protected]",
"[email protected]"
],
"published": "2023-08-08T13:27:22.416Z"
}
  1. 5.
    Add several List actions to convert the JSON strings to text, for later use in the workflow.
Full workflow shown above
  1. 5.
    At this point, it's useful to Save this flow and create a 2nd flow of type Helper to execute specific actions for each failing user, referenced in the next step. See the Helper Flow section. This will act as a placeholder.
  2. 6.
    In this example, we want to invoke a Helper workflow named Demo - Dispatcher for each user listed in the check failure event message, so a For Each is added to do this. Note that the email address listed is specified as type ITEM.
  3. 7.
    Additional actions for the primary API flow are added at this point. This includes
    1. 1.
      Using Compose Test to create a message block with the Lists created in previous actions
    2. 2.
      Using the output of the Compose action to send a Slack message to a channel (requires a Slack app connector)

Helper Flow

The Demo - Dispatcher Helper flow reference above is constructed of the following:
  1. 1.
    The on-demand Helper flow that receives the input of the List - For Each action in the primary API flow
  2. 2.
    Okta Actions to
    1. 1.
      Read the Okta user ID based on the email provided
    2. 2.
      Revoke any existing sessions
    3. 3.
      Suspend the user

Oort Configuration

Using the API Endpoint Invoke URL and Client Token from above, create a Webhooksnotification target in your Oort tenant.
Note:
  • The auth method should be API Key
  • The API Key name will be x-api-client-token as described in Okta documentation
  • You can use the Test Connectivity function to trigger event messages to your webhook
  • When ready, make sure to enable the Webhook notification target in the specific Check or Checks you want to use it with. You can review this list in the Oort Insightssection.

Tips

Workflow Execution History

Execution history is very helpful for troubleshooting your workflow.

Run Flow with Test Data

You can use the Run button to run the flow with manually input data.
Copy the body of the JSON Parse string from a previously sent test message and use it as the Body input to the Run Test function.

Webhooks in Action

Previous
Networks Tab & User Investigations
Next
Oort Dashboard Overview
Last modified 2mo ago