Consent as an attribute?

Hello,

I have a use case where the client would like to collect the user's agreement of terms and services as part of application onboarding and store the agreement DATE as an attribute.

They do not want to allow users to do self-registration, which would make this task a lot easier.

I’m currently trying to figure it out with Okta Workflows, but I’m not sure how far I can take it with it. My thought process is as follows:

  1. Create Okta user and add to application group
  2. Group addition will trigger a Workflow that sends the user a “Welcome to app” email
  3. That welcome email would have an “Agree to terms and services” button or something similar
  4. Pressing the button will trigger an API call to update the user's attribute with the date.

I can do this pretty easily up to step 3. After that, I don’t know. How would I even track the user ID from the email? How would I allow API calls to update a user attribute, and not have security risks?

Has anyone else implemented something similar? How do you collect the “Agree to terms and services” without a user self-registration process?

Thank you!
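
One way to approach step 4 and the user-ID tracking question, as an added example that is not part of the original post: embed a signed, expiring, single-use token in the email link, so the click handler takes the user ID from the verified token and never from a request parameter. The secret, link lifetime, function names and sample user IDs are assumptions made for this sketch, and the Okta attribute write itself is left out.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumptions for this example: a secret held only by the service that sends
# the email and handles the click, and a 7-day link lifetime.
SECRET = b"constructed-demo-secret"
TTL_SECONDS = 7 * 24 * 3600
ACTION = "tos_consent"

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def make_consent_token(user_id, now=None):
    """Build the value placed in the email link for one user."""
    now = int(time.time() if now is None else now)
    claims = {"uid": user_id, "act": ACTION, "exp": now + TTL_SECONDS}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    return b64e(payload) + "." + b64e(sign(payload))

def verify_consent_token(token, used, now=None):
    """Return (user_id, consent_date) or raise ValueError.

    `used` is a set of spent signatures (a database table in practice)."""
    now = int(time.time() if now is None else now)
    try:
        p64, s64 = token.split(".")
        payload, sig = b64d(p64), b64d(s64)
    except ValueError:
        raise ValueError("malformed token") from None
    if not hmac.compare_digest(sig, sign(payload)):
        raise ValueError("bad signature")
    claims = json.loads(payload)
    if claims.get("act") != ACTION:
        raise ValueError("wrong action")
    if now > claims["exp"]:
        raise ValueError("expired")
    if sig in used:
        raise ValueError("already used")
    used.add(sig)
    return claims["uid"], time.strftime("%Y-%m-%d", time.gmtime(now))
```

The handler behind the button would write the returned date to that one profile attribute using its own server-side credentials, so no API credential ever travels in the email.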