Monday, October 31, 2022

Okta Workflows: Users lifecycle

Let's start with a very common use case: Users lifecycle.

My goal is very simple: I want to list all my users and, based on their status ("DEPROVISIONED", "SUSPENDED" or "idle"; this last one is not a real status), be able to trigger a task to DELETE, DEPROVISION or SUSPEND them.

The logic is the following. If the user's status is:

  1. DEPROVISIONED for more than 6 months, then DELETE the account
  2. SUSPENDED for more than 3 months, then DEPROVISION the account
  3. ACTIVE but the last login occurred more than 12 months ago, then SUSPEND the account
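The three rules above written out as a decision function, as an added example that is not part of the original post and not an Okta Workflows artifact. It assumes user records carry the `status`, `statusChanged` and `lastLogin` fields of the Okta user object, counts whole calendar months, and takes no action on ACTIVE users who have never logged in; `lifecycle_action`, `plan` and the sample records are hypothetical.

```python
import calendar
from datetime import datetime, timezone

# Rules from the list above: status -> (age in months, action to trigger).
RULES = {
    "DEPROVISIONED": (6, "DELETE"),
    "SUSPENDED": (3, "DEPROVISION"),
    "ACTIVE": (12, "SUSPEND"),
}

def months_before(now, months):
    """Shift `now` back by whole calendar months, clamping the day of month."""
    year, month0 = divmod(now.year * 12 + now.month - 1 - months, 12)
    day = min(now.day, calendar.monthrange(year, month0 + 1)[1])
    return now.replace(year=year, month=month0 + 1, day=day)

def parse_ts(value):
    """Parse a timestamp like 2022-03-01T08:00:00.000Z; None stays None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def lifecycle_action(user, now):
    """Return DELETE, DEPROVISION, SUSPEND or None for one user record."""
    rule = RULES.get(user.get("status"))
    if rule is None:
        return None  # STAGED, PROVISIONED, LOCKED_OUT, ... are left alone
    months, action = rule
    # ACTIVE accounts are judged on last login, the others on status age.
    field = "lastLogin" if user["status"] == "ACTIVE" else "statusChanged"
    reference = parse_ts(user.get(field))
    if reference is None:
        return None  # assumption: never-logged-in users are not auto-suspended
    return action if reference < months_before(now, months) else None

# Constructed sample records, evaluated as of the post's date.
NOW = datetime(2022, 10, 31, tzinfo=timezone.utc)
USERS = [
    {"login": "a@example.com", "status": "DEPROVISIONED", "statusChanged": "2022-03-01T08:00:00.000Z"},
    {"login": "b@example.com", "status": "SUSPENDED", "statusChanged": "2022-07-01T08:00:00.000Z"},
    {"login": "c@example.com", "status": "ACTIVE", "lastLogin": "2021-09-15T08:00:00.000Z"},
    {"login": "d@example.com", "status": "ACTIVE", "lastLogin": None},
    {"login": "e@example.com", "status": "DEPROVISIONED", "statusChanged": "2022-06-01T08:00:00.000Z"},
]

def plan(users, now):
    """Map each login to its action, skipping users that need none."""
    actions = {u["login"]: lifecycle_action(u, now) for u in users}
    return {login: act for login, act in actions.items() if act}

if __name__ == "__main__":
    print(plan(USERS, NOW))
```

Running a plan like this in report-only mode before wiring up the DELETE branch shows which accounts each threshold would catch, since deletion cannot be undone.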

This flow is a two-step process: first we use a scheduled Parent flow with the Okta action card "List Users with Search", and then a Helper flow (also called a "Child" flow) to which we pass all those users to take the appropriate action. The Schedule event can be set per day, week, etc.

The tricky part is how many users you will fetch: if you have fewer than 200 users, you may decide to use the good old "ForEach" function card to send your data to your Helper flow, but if you have more than 200 users, you have to use the "Stream Matching Records" option.

When dealing with a huge number of users (+2-10K and more) using the "ForEach" function, pagination has always been a bottleneck and a cause of very poor performance. One year ago, Okta introduced "Stream Matching Records", which is a kind of "ForEach" that splits your data into smaller chunks (avoiding pagination) to process them more quickly and efficiently.

Today all built-in Okta action cards come with "Stream Matching Records". 

I will not dig into the details of how to set up those 2 flows because there are too many bits in them. Pictures should be self-sufficient. :)

# Option 1: Use "Stream Matching Records" option

# Option 2: Use "ForEach" option (When less than 200 users)

Same logic as with "Stream Matching Records". We just need to modify the Helper flow to rename "Record" (Object) to "item" (Text) and remove the "State" object.

To go further!

You could easily adapt this flow to your own business case and add a bit more logic within the Helper flow. For example, you could process all user states within the "If/ElseIf" function card and use the Schedule as a condition to trigger the operation (Sunday = DEPROVISION & DELETE, Monday to Friday = SUSPENDED, etc.). This is extremely useful when you only have the Workflows "Free Plan", which comes with only 5 simultaneously usable flows (either "Parent" or "Helper").

Okta Workflows

Okta Workflows, what does that mean?

In a nutshell, Okta Workflows is a no-code interface for building complex automated processes around Okta and any API-aware third-party applications. So if your use case is not possible using built-in Okta features, you should give Okta Workflows a try!

Some useful links below:

 
