Using Okta actions in journeys and workflows

When you integrate Atomicwork with identity access platforms like Okta, Azure AD, and Google Workspace, you can perform automated actions like creating a user, adding a user to a group, suspending a user, and deactivating a user.

When configuring an onboarding or offboarding journey (or even a team change journey), you can use these automated actions to automatically perform these operations instead of having to note it down on your to-do list and manually log into these platforms to perform these operations every single time.

To add Okta actions to a journey or a workflow, you must connect Atomicwork to Okta.

Add Okta actions to workflows

A workflow is triggered by an event in a request. Workflow trigger events can be service request, request or incident events like "incident is created" or "a reply is sent in an incident". Okta actions are one type of many actions available to an IT admin to configure.

Go to Settings > Workspace > Workflows. Create a workflow or click the workflow to which you want to add actions
Click "Perform action" > "Okta actions".

Add Okta actions to journeys

Journeys can be triggered by an agent, scheduled for a certain day or triggered by certain API events like BambooHR profile creation.

Go to Settings > Journey templates. Click on the journey to which you want to add an action or create a new one from scratch.
Choose the Stage > Okta actions.

Create an Okta user

Tip: This action is most useful in onboarding workflows and journeys.

Enter an employee’s first name, last name, email, password, and phone number. We'd recommend you use dynamic placeholders from the request or service (in the case of a service request). For example, if it’s firstname.lastname@yourcompany.com, you could add .@yourcompany.com in the email field.
Password strength. While you will ask that new employees reset their password when they first log in (We’d strongly recommend it), it’s still crucial to follow information security best practices, even if it’s for temporary passwords. Use dynamic placeholders to create a unique, strong password for new employees.
In journeys, Okta actions are automated actions that do not need to be manually executed by an HR or IT manager. So, you only need to specify when you want the action to be executed. Your two options are the day the employee moves to the stage or a day relative to the day an employee moves to this stage.
In journeys, you also need to name the Okta action in a way that is easy to understand so your teammates know why you’ve set it up. Okta actions will be visible to journey collaborators but not to employees who have been assigned this journey.
Click “Add/Done” to add the action to your journey or workflow.

Add an Okta user to a group

Tip: This action is most useful in onboarding journeys and can only be executed for existing Okta users. So, please make sure to create a new employee as an Okta user first before adding this action.

Choose which Okta user needs to be added to a group
Choose the Okta group you want to add a new user to. You can’t create an Okta group from Atomicwork, so please make sure to create the group on the Okta console before you set up this action.
In journeys, Okta actions are automated actions that do not need to be manually executed by an HR or IT manager. So, you only need to specify when you want the action to be executed. Your two options are the day the employee moves to the stage or a day relative to the day an employee moves to this stage.
In journeys, you also need to name the Okta action in a way that is easy to understand so your teammates know why you’ve set it up. Okta actions will be visible to journey collaborators but not to employees who have been assigned this journey.
Click “Add/Done” to add the action to your journey or workflow.

Suspend an Okta user

Tip: Suspending people in your organization is useful if you have temporary and contract workers or when your employees are on leaves of absence. You may also want to suspend a user who has permanently left your organization so that you can review their group and app assignments before deactivating them. Suspended users' app and group memberships are maintained and are reinstated when the user is unsuspended.

To set up the action, choose the Okta user whose account needs to be suspended.
In journeys, you need to specify when you want the action to be executed. Your two options are the day the employee moves to the stage or a day relative to the day an employee moves to this stage.
In journeys, name the Okta action in a way that is easy to understand so your teammates know why you’ve set it up. Okta actions will be visible to journey collaborators but not to employees who have been assigned this journey. Okta actions are automated actions that can be executed by Atomicwork directly.
Click “Add/Done” to add the action to your journey or workflow.

Deactivate an Okta account

Tip: Deactivated users will not have access to any apps and may need to be reassigned apps when reactivated. However, deactivated users will not be removed from groups until they are deleted. Users can be deleted only on the Okta app and not Atomicwork.

To set up the action, choose the Okta user whose account needs to be deactivated.
In journeys, please specify when you want the action to be executed. You don’t have to specify an assignee because Okta actions are all automated actions. You can choose to execute it on the day an employee moves to a stage or a day relative to this date
In journeys, name the Okta action in a way that is easy to understand so your teammates know why you’ve set it up. Okta actions will be visible to journey collaborators in the configuration view but not to employees who have been assigned this journey.
Click “Add/Done” to add the action to your journey.

Remove a user from a group

To set up the action, choose the Okta user account and the group from which they need to be removed.
Click "Done" to add the action to your workflow.