Software Development

Workflows Template: Identify inactive Okta users

Workflows templates are out-of-the-box flows and automations that you can add and start using right away. Each template provides a specific and real world solution.

In this blog post you will learn about the Identify inactive Okta users template.

Why it’s important

You can determine whether your Okta tenant has stale accounts that were otherwise missed by a manual deprovisioning process using specific criteria to identify inactive users. This task can then allow expensive application licenses, for example, to become available to other users.

Template overview

This template searches for all users in an Okta tenant whose last login date was before a certain date, and writes information about those users to a table in Workflows. The data in the table can be exported to a CSV file as a download, or as an attachment to an email for periodic reporting. An additional enhancement to this template can also be the suspension of inactive users.

The template has:

  • 2 flows:
    • [scheduled] identify inactive Okta users
    • Check Last Login date and add to table
  • 1 table
    • Inactive users

Template flow steps

Let’s see how [scheduled] identify inactive Okta users flow works.

Note: I removed a number of Notes cards and debug cards from the flows so all all cards can fit into a screenshot.

Identify inactive users parent flow

The [scheduled] identify inactive Okta users flow has the following steps:

  • The first card is how this flow is invoked. There are four ways to invoke a flow. This flow is configured to be invoked on schedule or periodically (Okta – Scheduled Flow card). For example, you can configure to run this flow once a week, on a Monday at 9 AM ET.
  • The inactive users are stored in a table. Before the flow checks who is inactive, it deletes all rows in a table (Tables – Clear Table)
  • The Notes cards is like a comment. It explains how streaming works. Read more about data streaming with action cards
  • The Okta – List Users with Search card will find all users with Status set to ACTIVE and will stream (send) them all to the helper flow
    • Instead of building a list of matching records first then using with a List – For Each card to process the list, the streaming option directly streams each record to the selected helper flow
    • It also passes the inactivity window to check for (timeWindowDays) set at 30. Yo can set this window to any number of days

This is the Check Last Login date and add to table helper flow (the last two cards are in the second screenshot):

Identify inactive users helper flow – check last login and add to table

Each record in now processed by the helper flow which has the following steps:

  • Input into the helper flow is passed from On Demand – Child Flow card. One of the record properties is Last Login which is passed to the next card
  • The Branching – Continue If cards checks if Last Login property is not empty. This means — skip if the user hasn’t logged in
  • The Date & Time – Now card gets the current time. This is needed to calculate the time window
  • Next the flow uses Data & Time – Subtract to subtract 30 days (passed from parent flow) to calculate the inactivity cutoff date (inactivityCutoffDate)
    • For example, using a date of March 22, 2022 with a window of 30 days would set the inactivity cutoff date of February 20, 2022
  • Next (Branching – Continue If card), the flow continues only if Last Login was before the inactivityCutoffDate. Using the example above, the last login would need to occur before February 20, 2022. This means a user has been inactive for more than 30 days
  • The next card Time & Date – Difference determine how many days passed between today and user’s lost login. It will be saved in the table.
  • The Number – Round card rounds the number of days passed to an integer (shown in screenshot below)
  • And finally, using Tables – Create Row (shown below), a new record is created with the user who had been inactive for 30 days or longer
Save inactive user to a table

The table looks like this:

Table with inactive users

The data in the table can be exported to a CSV file as a download, or as an attachment to an email for periodic reporting. An additional enhancement to this template can also be the suspension of inactive users.

Template setup

How to add and setup the template:

  1. In Workflows console click Templates
  2. In the search field start typing trigger and then select Identify inactive Okta users template
  3. Click Add template button
  4. In [scheduled] identify inactive Okta users flow set a connection for Okta – List Users with Search card

 Looking for more out-of-the-box automation solutions? Check out all the available templates.

Published on Java Code Geeks with permission by Max Katz, partner at our JCG program. See the original article here: Workflows Template: Identify inactive Okta users

Opinions expressed by Java Code Geeks contributors are their own.

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Back to top button