Workflows Tips#11: Random 6-Digit PIN, Calling Okta API,and Sign-In Based on Location
Welcome to another Okta Workflows Tips post. Read all previous tips.
In this post:
- How to generate a random 6-digit PIN
- Using Custom API Action to create a user without credentials (via Okta API)
- How to monitor sign-in based on geographic location
How to generate a random 6-digit PIN
This tip is from Arek Dreyer. Arek is a Senior Product Engineer at kandji.io, which provides next-generation Apple device management for macOS, iOS, iPadOS, and tvOS. Arek spent over 20 years as an independent trainer, author, and consultant, and in 2021 he joined Kandji. He was super happy to discover the community of admins that love helping each other solve problems in the Okta Workflows space.
This tip shows how to generate a 6-digit PIN where the first digits can be zero.
The flow has two steps:
- Generate a 7-digit random number between using Number – Random Integer card
- Use Text – Text Segment card to leave out the first digit and you end up with a 6-digit PIN where the first digit can be a zero
This is a cool tip (or a hack) for a specific use case.
Thank you to Gabriel Sroka for helping find this solution.
Using Custom API Action to create a user without credentials (via Okta API)
This tip is from Bryan Barrows, Workflows Builder Advocate at Okta.
In this tip, you will learn how to send a POST request to Okta to Create a user without credentials.
First, you need to create a profile object to include in your request payload – this will contain the information about the user you wish to create.
You can leverage the Object – Construct function to create the inner object with keys for firstName, lastName, etc. You can then feed the output of this card into another Object – Construct with a key of profile.
The resulting output of our second card is an object that matches what Okta’s API expects for this request and looks like this:
{ "profile": { "lastName": "User", "email": "example.user@test.com", "mobilePhone": "555-415-1337", "firstName": "Example", "login": "example.user@test.com" } }
You can then add the Okta – Custom API Action card with an action of POST. The full endpoint we want to hit is https://${yourOktaDomain}/api/v1/users?activate=false
, so the Relative URL for the request will be /api/v1/users?activate=false.
With your constructed profile object and relative URL, you are now able to use the Okta – Custom API Action to POST to Okta’s API.
How to monitor sign-in based on geographic location
This tip is from Bryan Barrows, Workflows Builder Advocate at Okta.
This tip is based on a real use-case in which a customer wanted to monitor whether users who have a country code of UA in their profile attempt to sign in from outside of Ukraine – however, the logic can easily be customized for many unique scenarios.
The flow has the following steps:
- Leverage the Okta – User Sign In Attempt event to fire a workflow anytime a user attempts to sign in.
- Add an Okta – Read User card and drag the Actor ID into the input field. We’ll also want to select the Country Code as an output field.
- Add a Branching – Continue If function and check if the user’s country code matches the one that you care about monitoring. If it doesn’t, we don’t need to do anything and the flow will stop.
- Add an Object – Get Multiple function and retrieve the geographical context of the sign-in event using dot notation by creating an output with a key name of
client.userAgent.geographicalContext.country
- Add a Branching – If Else function and check that the output of Step 4 is equal to the expected country for the user to sign in from. When that is not the case, the False lane will execute, so any actions you want to take like sending a Slack message, etc, can be put here.
That’s all for now. Let me know if you have any tips you would like to share.
Published on Java Code Geeks with permission by Max Katz, partner at our JCG program. See the original article here: Workflows Tips #11: Random 6-Digit PIN, Calling Okta API, and Sign-In Based on Location Opinions expressed by Java Code Geeks contributors are their own. |