Okta's process automation solution "Workflows"

Okta has prepared functions to provide a secure digital experience that can access all technologies as "Okta Products", and provides six core services as common services "Okta Platform Services" that make these functions work. ing. Specifically, Direcories, a universal directory for storing user information with a flexible schema, Integrations, for integration using API templates and toolkits, and collecting all data generated by Okta services. , "Insights" that provide visualization and awareness, a customizable component "Identity Engine", a component "Devices" that allows you to free your identity from devices, and the ability to precisely execute the necessary processes and flows. A possible service, Workflows.

This Workflows is a solution that can eliminate manual tasks performed by IT administrators with the help of developers and automate identity-centric processes. It would otherwise require custom code and inconsistent documented processes, potentially exposing security risks. One of the attractions of Workflows is the ability to automate tasks such as user provisioning and file transfers without using code.

Automate the process for onboarding new members on their first day

For example, assuming a case where a member in charge of sales newly joins the company, a demonstration that automates without using code from user registration to creation of a to-do list after joining the company, and access to Slack and Office 365 managed by the sales department. Let's take a look at

First, an administrator accesses Okta's Workflows and begins by defining a GUI process for onboarding to the sales force. It is possible to set it up from scratch, but if an onboarding flow that has been set up for employees already exists, it is also possible to duplicate it and set it up while customizing it.

Within the Workflows screen, modules called “cards” that are templated for each application are combined, and when the user activates Okta, each linked action will automatically start. When creating this card, you can select what you need in the flow from the list of applications that can be linked, and select the possible actions for each application from the pull-down menu on the card. Actions set for each card can be linked simply by dragging them with the mouse. You should be able to master Workflows.

In the actual demo, when activated in Okta, the universal directory is checked to see if the employee is in the United States, and a welcome message created within Okta to welcome the new employee is sent by email. If there is, it will be sent from Office365, and if it is an SNS, it will be sent via Slack. At the same time, an environment in which a channel for the sales department can be prepared in Slack and immediately accessed can be set up in Workflows. In addition, it is easy to customize by setting the ToDo list for sales personnel created in Excel so that it can be accessed via a Google spreadsheet, and replacing the name of this Google spreadsheet with the name of the user himself. . The process of embedding the URL for accessing this Google spreadsheet in the welcome message can also be performed within Okta.

Once the flow for automatically running multiple applications has been completed, turning on this flow and assigning it to the sales department from the universal directory will make it possible to automate actions for users on their first day at the company.

Reduce security risks by automating access restrictions for retirees

We've looked at the process for welcoming new members, but now we're assuming the case of a member retiring, and we're going to have to do things like restrict access to email data in a secure manner and guide retirees to restricted websites that they can access. I would love to see a flow demo.

Admins start by creating a retirement identity to use when a member's Okta account is flagged for suspension. Specifically, after blocking access to personally identifiable information from the personal email accounts of retirees, information necessary for retirees, such as tax documents and old pay slips, will be removed. Access destinations will be narrowed down to portal sites that can be confirmed. In addition, it will be possible to automate the process of transferring the folder of retired employees held in Box to the administrator, setting the period of access for several days, and assigning them.

When you actually suspend an account on Okta's universal directory, your personal Gmail account stays active while email to access mission-critical applications is suspended. Generally, these processes require manual coordination of multiple applications, but with Workflows, you can use Workflows as a more reliable alternative without using APIs or custom code. is possible.

We've looked at the onboarding and exiting flow for a certain member, and you'll see how Okta's Workflows can simplify employee lifecycle management that has traditionally been done manually by HR. By linking with identity information, it becomes possible to easily prepare the environment for new members and to prepare for security risks for retirees.

Not just employees! Automated identity management process for customers

Okta's Workflows aren't just an employee solution. You can also set up identity workflows for your customers. It is a process that automatically accepts requests for information provision from customers through the website, registers customer information as lead information in CRM, and responds to laws and regulations regarding sensitive information including personal information.

As a concrete demonstration, let's look at the flow of Workflows in the interaction between a company that sells cars online and a customer who wants to get information about it.

When a certain consumer finds a car of interest on an automobile manufacturer's website, he enters his name and email address and registers his personal information on the website in a form that allows him to provide information such as promotions. Okta's Workflows can automate processes such as registering lead information with Salesforce and sending emails from the marketing team when new users register on the website. And when it comes to the purchase stage, the license information will be scanned, and the authentication code will be sent via SMS, and the purchase will be ready.

Workflows also help automate privacy-aware processes

Recently, from the perspective of personal information protection, companies are required to comply with privacy-related laws such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). You know that. For example, under the CCPA, consumers themselves have the right to request disclosure of the scope and source of personal information collected by companies, including the right to have their personal information deleted. ing.

Normally, when a consumer requests information disclosure regarding the operation of personal information, it is necessary to manually collect logs, create a report and disclose it to the consumer, which takes a lot of time and effort. It will be such a process. In order to automate this process, it is necessary to create a script using APIs for each application, but Okta's Workflows does not require code development, and can disclose the operational status of personal information and delete information. flow can be created.

Admins can configure Okta cards to accept requests from users, download required data, delete downloaded data, and even log history from information download requests on Google Spreadsheets. Prepare at By running tests on Workflows, you can not only determine whether each card worked correctly by color-coding, but also accurately grasp the progress status such as whether the request was successful or not. Having a historical record will not only make troubleshooting easier, but it will also be of great help during an audit.

On the user side, there is an icon that allows you to download and delete information related to personal information in the account information on the registered website, so it is possible for the user to download and delete through SMS authentication for identity verification. become.

We have seen identity management for employees and customers, but it is not necessary to write special code yourself in both processes, and it is possible to set up a business flow by connecting cards prepared as templates. I hope you understand. Workflows, which allows even non-developers to easily set up identity-centered complex flows with just a GUI, should be useful for automating and labor-saving operations that go beyond simple identity management.