With Okta Workflows, when our users are assigned to a specific app, they can receive a Welcome Slack DM. This message will notify them that they now have access to the app, and we can also include some resource documentation, which will help them get familiar with the app.
In this case, the Okta app will be our trigger.
Now, we can specify which Okta event will trigger this Flow. We will select User Assigned to Application.
As you can see, there is also an event type associated with this trigger (application.user_membership.add).
If we go to Okta Admin → Reports → System Log, we can add a filter for this event type under Search and press Search.
We can use this filter to find how many events were generated by that specific Event Type. We can expand any result to see what kind of information we can grab from each event: actor, target.
Now, back to our Okta Workflows: we have added the trigger, but we need to specify a Connection (to the Okta app), which will allow the Workflow to pull the correct info.
For more information about setting up a connection, check this post; you can follow the step-by-step guide for setting up an Okta Connection.
Back to our trigger, we can specify the app using the App name or App ID.
Let's set up a test app in Okta Admin. Go to Applications → Applications → Browse App Catalog and search for the Bookmark app.
Select +Add Integration.
We will specify a non-login page - Okta Community in this example
https://support.okta.com/help/s/community
After filling in the Application Label and URL, click Done.
In the URL, we can see the App ID - 0oa2a501bgnvl2hAP0h8
Back to our Okta Workflows portal, we can work with the App Instance ID option.
This flow will be triggered each time a user is assigned to this specific app.
If we want to use the Application Name, we need to select
- Use App Instance ID? : No
Since this is a bookmark app, we need to select bookmark under the Application option.
Now let's save and enable this flow (currently the Flow is OFF).
Also make sure that Save all data that passes through the flow is enabled.
We will use the Compose function to draft the Welcome message, which needs to be sent to the end user. Ideally we would grab some information, like the user's First Name, to make it a bit more personal.
Let's trigger this flow, by adding a user to the newly created app.
For example under Okta User, we have
{
"ID": "00u2a353r55QrjIIm0h8",
"Alternate ID": "theo.tzachristas@theo.local",
"Display Name": "Theo Tzachristas",
"Type": "User"
}
We can get the user ID, the login / username, the display name and the type.
As you can see there is no field that displays only the First Name.
We will use an app action (Okta) which will "read" the user information and provide the output we need.
Read user is the action we are after.
The input is specific: User ID or Login. We can select some of the many available outputs: First name, Primary email and Display name.
Now we need to drag and drop the Okta User ID (or Alternate ID). Be careful not to drag the Admin ID, because that is the admin who performed the assignment.
We can use the x to remove any inputs.
As mentioned, this flow will be triggered when the user is assigned to the defined app. To test our flow several times, it would be easier to have static values for some inputs (for example User ID or Username in our case) instead of assigning / un-assigning that test user from the app.
To speed things up, let's temporarily remove the trigger and run the flow.
Now let's use the Compose function to compose a message.
We can drag and drop outputs from the Okta Read User card to the compose card.
We can customise our Outputs, which helps us better understand long and complex Workflows. In the example below, we renamed the Compose Output as Slack Input (or Slack message).
Now let's send a DM to our User.
This card requires a Slack User ID or Username. Since that does not match the Okta ID or Username, we need an additional card before the DM action.
The card is Slack - Read User, and it will translate an Email to a Slack ID.
The input (Field Type) must be Email, and we can allow all the different outputs.
Now let's connect inputs/outputs, save our flow and click Run.
The end user will receive a Slack message.
In the example below we used a different Okta ID.
Now let's add our trigger and test again by assigning this user to our app. We will also grab the application name from the trigger output.
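The trigger exposes both the admin who made the assignment (actor) and the assigned user and app (target), so it is worth checking that the message goes to the right ID. The Python sketch below is an added example, not part of the original post or of Okta's tooling; it assumes the System Log layout of one actor plus a list of typed targets, and the sample event, admin identity and AppUser ID are constructed.

```python
import json

EVENT_TYPE = "application.user_membership.add"

# Constructed sample event, not captured from a real tenant. The User and
# AppInstance IDs are the ones shown on this page; everything else is made up.
SAMPLE_EVENT = json.loads("""
{"eventType": "application.user_membership.add",
 "actor": {"id": "00uADMIN-PLACEHOLDER", "type": "User",
           "alternateId": "admin@theo.local", "displayName": "Example Admin"},
 "target": [
  {"id": "0uaAPPUSER-PLACEHOLDER", "type": "AppUser",
   "alternateId": "theo.tzachristas@theo.local", "displayName": "Theo Tzachristas"},
  {"id": "0oa2a501bgnvl2hAP0h8", "type": "AppInstance",
   "alternateId": "Okta Community", "displayName": "Bookmark App"},
  {"id": "00u2a353r55QrjIIm0h8", "type": "User",
   "alternateId": "theo.tzachristas@theo.local", "displayName": "Theo Tzachristas"}]}
""")


def pick_target(event, target_type):
    """Return the single target of the given type; raise if missing or ambiguous."""
    matches = [t for t in event.get("target") or [] if t.get("type") == target_type]
    if len(matches) != 1:
        raise ValueError(f"expected one {target_type} target, found {len(matches)}")
    return matches[0]


def resolve_recipient(event, expected_app_id):
    """Return (user_id, login, app_label) of the assigned user, never the actor."""
    if event.get("eventType") != EVENT_TYPE:
        raise ValueError("not a user-assigned-to-application event")
    app = pick_target(event, "AppInstance")
    if app["id"] != expected_app_id:
        raise ValueError("event is for a different app instance")
    user = pick_target(event, "User")  # the assignee, not event["actor"]
    # Assumption: alternateId of the AppInstance target carries the app label.
    return user["id"], user["alternateId"], app["alternateId"]


if __name__ == "__main__":
    print(resolve_recipient(SAMPLE_EVENT, "0oa2a501bgnvl2hAP0h8"))
```
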