Okta Workflows Webhook Example

Overview

provide a flexible and extensible platform for orchestrating common operations within an Okta environment. Now with the new Oort Webhooks feature, you can combine the power of Oort identity analytics and Okta Workflow automation to accomplish numerous things.

This article provides a basic example of how to use Oort webhook destinations with Okta Workflows.

Assumptions

This article assumes the following:

• General familiarity with the Okta Workflows platform

• An Okta tenant capable of supporting the Workflows module (not a Developer tenant)

• Additional downstream or adjacent platform integrations in Okta Workflows, such as Slack, Microsoft 365, ServiceNOW, etc.

• Okta Super Admin role

High-Level Design

This example traces the following design:

1. Creation of an API Endpoint in Okta Workflow for ingesting Oort notification events

2. Parsing of the JSON event message, including event type, criticality, and list of users failing

3. Invoking a For Each function for each user listed in the notification, which invokes a Helper flow to evaluate specific logic and perform certain actions

4. Sending a Slack message with the output of the failed check notification

Import Pre-Configured Workflows

Oort has exported the Okta Workflows for this example, which can then be imported into your Workflow console for review and testing.

Configuration Steps

1. Create a new flow and provide a suitable name for it

{
  "version": "0",
  "id": "abf0607d-3856-b397-5138-0131ec1b63d7",
  "detail-type": "WebhookTest",
  "source": "11111111-2222-3333-4444-555555555555__66666666",
  "account": "000000000000",
  "time": "2023-08-08T13:27:22Z",
  "region": "us-east-2",
  "resources": [],
  "detail": {
    "id": "11111111-2222-3333-4444-555555555555",
    "checkId": "oort-test-check-id",
    "title": "OORT Failing Check Event Test",
    "description": [
      "description1",
      "description2"
    ],
    "recommendedActions": [
      "action1",
      "action2"
    ],
    "severity": "critical",
    "usersFailing": [
      "user1@example.com",
      "user2@example.com"
    ],
    "published": "2023-08-08T13:27:22.416Z"
  }

1. Add several List actions to convert the JSON strings to text, for later use in the workflow.

1. At this point, it's useful to Save this flow and create a 2nd flow of type Helper to execute specific actions for each failing user, referenced in the next step. See the Helper Flow section. This will act as a placeholder.

3. Additional actions for the primary API flow are added at this point. This includes

   1. Using Compose Test to create a message block with the Lists created in previous actions

   2. Using the output of the Compose action to send a Slack message to a channel (requires a Slack app connector)

Helper Flow

The Demo - Dispatcher Helper flow reference above is constructed of the following:

1. The on-demand Helper flow that receives the input of the List - For Each action in the primary API flow

2. Okta Actions to

   1. Read the Okta user ID based on the email provided

   2. Revoke any existing sessions

   3. Suspend the user

Oort Configuration

Using the API Endpoint Invoke URL and Client Token from above, create a Webhooksnotification target in your Oort tenant.

Note:

• The auth method should be API Key

• You can use the Test Connectivity function to trigger event messages to your webhook

• When ready, make sure to enable the Webhook notification target in the specific Check or Checks you want to use it with. You can review this list in the Cisco Identity Insightssection.

Tips

Workflow Execution History

Execution history is very helpful for troubleshooting your workflow.

Run Flow with Test Data

You can use the Run button to run the flow with manually input data.

Copy the body of the JSON Parse string from a previously sent test message and use it as the Body input to the Run Test function.

Webhooks in Action