Background

I recently worked on a Workday to Okta integration and, as a side-effect of getting the application working, we noticed that there were tasks with errors showing in the Okta Dashboard.
These errors are caused by pending tasks in Workday, such as a user who hasn’t officially started or a change of role scheduled in the future. The normal fix is just to retry these tasks manually when the user starts or when the changes have been made in Workday, which means you, the admin, have to remember to retry the tasks, and we all know that’s not going to happen.

Challenge 

I wanted a way to schedule the profile push to retry each failed task automatically. I looked on Okta Support, which said to add it to their ideas submission – other consultants seem to have had the same issue. I also drew a blank on the #okta and #okta-workflows channels in MacAdmins Slack, so I accepted the challenge.

Okta Workflows

What you need:

  • 3 workflows
  • 2 tables
  • Okta connector enabled with OAuth scoped with okta.application.read and okta.application.manage.

Workflow 1 is your trigger, in this case a scheduled flow that runs every hour and lists all the users assigned to Workday:

Figure 1: 001 – Get Sync State

 

Workflow 2, a helper flow, checks every user record and, if its syncState is not equal to SYNCHRONIZED, creates a row in an ‘Errors table’:

Figure 2: 002 – Helper – Check for Sync State Errors

Workflow 3, a helper flow, is triggered when Workflow 1 lists the errored User IDs. For each row, it runs the ‘Update Application Profile for Assigned User’ card with no inputs other than the User ID:

Figure 3: 003 – Helper – Update Workday

The flow then waits for 5 seconds, checks whether the syncState has been updated to SYNCHRONIZED and creates a row in the ‘successfully updated table’.
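
The three flows above, written out as plain Python so the retry logic can be read and tested outside the Workflows designer. This is an added example, not an export of the flows in this post; the class and method names are hypothetical, the sample users are constructed, and the endpoint mapping in the docstring is an assumption about how the same steps would be made against the Okta Apps API.

```python
import time

SYNCED = "SYNCHRONIZED"

class FakeOktaApp:
    """Constructed in-memory stand-in for one Okta app's user assignments.

    Hypothetical method names; against a real tenant they would map to
    GET  /api/v1/apps/{appId}/users            (list_app_users)
    POST /api/v1/apps/{appId}/users/{userId}   (update_app_user)
    GET  /api/v1/apps/{appId}/users/{userId}   (get_app_user)
    """
    def __init__(self, users, still_pending):
        self.users = {u["id"]: dict(u) for u in users}
        self.still_pending = set(still_pending)  # Workday task not yet effective

    def list_app_users(self):
        return [dict(u) for u in self.users.values()]

    def update_app_user(self, user_id):
        # A profile update with no inputs re-triggers the push; it only
        # succeeds once the pending change in Workday has taken effect.
        if user_id not in self.still_pending:
            self.users[user_id]["syncState"] = SYNCED

    def get_app_user(self, user_id):
        return dict(self.users[user_id])


def retry_failed_pushes(app, wait_seconds=5, sleep=time.sleep):
    """Return (errors, resolved): the rows for the two tables."""
    # Workflows 1 + 2: list assignments, record every non-synchronized user.
    errors = [{"userId": u["id"], "syncState": u["syncState"]}
              for u in app.list_app_users() if u["syncState"] != SYNCED]
    resolved = []
    # Workflow 3: retry each errored user, wait, then re-check.
    for row in errors:
        app.update_app_user(row["userId"])
        sleep(wait_seconds)
        if app.get_app_user(row["userId"])["syncState"] == SYNCED:
            resolved.append(row["userId"])
    return errors, resolved


SAMPLE_USERS = [  # constructed sample data
    {"id": "00u1", "syncState": "SYNCHRONIZED"},
    {"id": "00u2", "syncState": "ERROR"},
    {"id": "00u3", "syncState": "ERROR"},
]
```

A user whose Workday task is still pending stays in the errors list and is simply picked up again on the next scheduled run.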

In this example, the Workday tenant has over 1000 users with around 40 errors, and the workflow takes 10-15 minutes to complete, so it can be run hourly. You may choose to increase the interval based on your platform’s needs.

This methodology could be applied to many use cases, and you could even have it running for multiple applications asynchronously. It could also be used to alert admins to errors on the platform if linked with an email connector, Slack or Teams, for example.

If you would like a consultation on how Okta Workflows could be utilised on your platform, please reach out.