Skip to main content
All CollectionsTemplatesIntermediate
Disable and Contain a Specific Compromised User in Okta - Workflow Template
Disable and Contain a Specific Compromised User in Okta - Workflow Template

Workflow and nested workflow that can be used to disable a specific user in Okta when an account is found to be compromised.

Updated over 6 months ago

This workflow template outlines a robust response for disabling a specific compromised user in Okta. It is designed to be triggered on-demand, inclusive of Slack and Microsoft Teams integrations, with webhook support. Upon initiation, the workflow validates the executing user's permissions, gathers user details, sends notifications, and performs critical account containment actions such as password reset, user suspension, factor reset, and session clearance in Okta, ensuring swift mitigation against potentially compromised identities. The entire process results in a feedback loop with real-time updates provided to the initiating user or team via Slack.

Take Me to the Template

Optional Triggers

Slack,"Microsoft Teams",Webhook

Use Cases

Identity and Access Management , Suspicious User Activity

Workflow Breakdown

  1. Execute the nested workflow to confirm the user executing the workflow has permission

  2. Gather the user details and notify the user executing the workflow

  3. Reset the users password, suspend the user, reset any other authentication factor and clear sessions

Vendors

Slack, Utils, Okta, HTTP

Workflow Output

Messages to Slack on verdict of successful user suspension

Related Articles
Verify Permissions to Execute Specific Workflows - Okta - Workflow Template
Disable and Contain a Specific User in Entra ID (ex-Azure AD) - Workflow Template
Clear Okta sessions for specific users via Slack - Workflow Template
Disable a Specific User in Google Cloud Identity - Workflow Template
Daily Report to Slack on Inactive Okta Users - Workflow Template
Did this answer your question?