Max Katz for Okta Workflows

Posted on • Originally published at maxkatz.net on

Workflows Tips #11: Random 6-Digit PIN, Calling Okta API, and Sign-In Based on Location

Welcome to another Okta Workflows Tips post. Read all other tips.

In this post:

  • How to generate a random 6-digit PIN
  • Using Custom API Action to create a user without credentials (via Okta API)
  • How to monitor sign-in based on geographic location

How to generate a random 6-digit PIN

This tip is from Arek Dreyer. Arek is a Senior Product Engineer at kandji.io, which provides next-generation Apple device management for macOS, iOS, iPadOS, and tvOS. Arek spent over 20 years as an independent trainer, author, and consultant, and in 2021 he joined Kandji. He was super happy to discover the community of admins that love helping each other solve problems in the Okta Workflows space.

This tip shows how to generate a 6-digit PIN where the first digits can be zero.

Flow to generate a random 6-digit PIN

Output from running a flow to generate a 6-digit PIN

The flow has two steps:

  1. Generate a 7-digit random number using the Number – Random Integer card.
  2. Use the Text – Text Segment card to drop the first digit. The result is a 6-digit PIN whose first digit can be zero.

This is a cool tip (or a hack) for a specific use case.

✨ Thank you to Gabriel Sroka for helping find this solution.

Using Custom API Action to create a user without credentials (via Okta API)

This tip is from Bryan Barrows, Workflows Builder Advocate at Okta.

In this tip, you will learn how to send a POST request to Okta to Create a user without credentials.

First, you need to create a profile object to include in your request payload – this will contain the information about the user you wish to create.

Custom API action

You can leverage the Object – Construct function to create the inner object with keys for firstName, lastName, etc. You can then feed the output of this card into another Object – Construct with a key of profile.

The resulting output of our second card is an object that matches what Okta’s API expects for this request and looks like this:

{
  "profile": {
    "lastName": "User",
    "email": "example.user@test.com",
    "mobilePhone": "555-415-1337",
    "firstName": "Example",
    "login": "example.user@test.com"
  }
}

You can then add the Okta – Custom API Action card with an action of POST. The full endpoint we want to hit is https://${yourOktaDomain}/api/v1/users?activate=false, so the Relative URL for the request will be /api/v1/users?activate=false.

With your constructed profile object and relative URL, you are now able to use the Okta – Custom API Action to POST to Okta’s API.

How to monitor sign-in based on geographic location

This tip is from Bryan Barrows, Workflows Builder Advocate at Okta.

This tip is based on a real use-case in which a customer wanted to monitor whether users who have a country code of UA in their profile attempt to sign in from outside of Ukraine – however, the logic can easily be customized for many unique scenarios.

Login based on location

The flow has the following steps:

  1. Leverage the Okta – User Sign In Attempt event to fire a workflow anytime a user attempts to sign in.
  2. Add an Okta – Read User card and drag the Actor ID into the input field. We’ll also want to select the Country Code as an output field.
  3. Add a Branching – Continue If function and check if the user’s country code matches the one that you care about monitoring. If it doesn’t, we don’t need to do anything and the flow will stop.
  4. Add an Object – Get Multiple function and retrieve the geographical context of the sign-in event using dot notation by creating an output with a key name of client.userAgent.geographicalContext.country
  5. Add a Branching – If Else function and check that the output of Step 4 is equal to the expected country for the user to sign in from. When that is not the case, the False lane will execute, so any actions you want to take like sending a Slack message, etc, can be put here.
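
The same five-step decision, written out in Python and run over sample sign-in events, as an added example (not code from the original post or from Okta). The event shape, user IDs, and function names are constructed for illustration; the geo path is the one given in step 4. It also separates the case where the event carries no country at all, which the If Else card in step 5 would send down the False lane together with real mismatches.

```python
from functools import reduce

MONITORED_CODE = "UA"         # profile country code to watch (from the tip)
EXPECTED_COUNTRY = "Ukraine"  # country the sign-in is expected to come from
GEO_PATH = "client.userAgent.geographicalContext.country"  # path from step 4

def get_path(obj, dotted):
    """Dot-notation lookup (like Object - Get Multiple); None if a key is missing."""
    return reduce(lambda o, k: o.get(k) if isinstance(o, dict) else None,
                  dotted.split("."), obj)

def evaluate(event, profiles):
    """Return 'skip', 'ok', 'alert' or 'alert-no-geo' for one sign-in event."""
    profile = profiles.get(event["actor"]["id"], {})      # step 2: Read User
    if profile.get("countryCode") != MONITORED_CODE:      # step 3: Continue If
        return "skip"
    country = get_path(event, GEO_PATH)                   # step 4: read geo context
    if country is None:
        return "alert-no-geo"  # no geo data: report it separately, do not guess
    same = country.casefold() == EXPECTED_COUNTRY.casefold()
    return "ok" if same else "alert"                      # step 5: If Else

# Constructed sample data: hypothetical user IDs and a simplified event shape.
PROFILES = {"00u1": {"countryCode": "UA"}, "00u2": {"countryCode": "US"}}

def make_event(actor_id, country):
    geo = {} if country is None else {"country": country}
    return {"actor": {"id": actor_id},
            "client": {"userAgent": {"geographicalContext": geo}}}

EVENTS = [make_event("00u1", "Ukraine"), make_event("00u1", "Poland"),
          make_event("00u2", "Poland"), make_event("00u1", None)]

def run(events=EVENTS, profiles=PROFILES):
    return [evaluate(e, profiles) for e in events]

if __name__ == "__main__":
    print(run())
```

Note that the profile holds a country code (UA) while the sign-in context holds a country name, so the two values are checked against separate constants instead of against each other.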

That’s all for now. Let me know if you have any tips you would like to share.


Two resources to help you learn more:

📌 Try this step-by-step getting started tutorial: Build Your First Automation With Okta Workflows: Notify When User Is Suspended.

📌 All the Workflows resources (docs, tutorials, office hours, templates, and more)
