We ended up using the Okta event hook. Based on the type of event, you can enable the trigger to your external web service, where you can control the approval/rejection.
The detailed process would look something like this:
1. When the user registers, add him/her to a temp group and add a low-access sign-on policy to control the access.
2. Register an event hook and enable it for events like "user activation" or "user to group membership", etc.
   Note: You would need your web service to be ready for step 2.
3. Once you receive the event payload, you can initiate the business approval workflow.
4. If approved, make an API call to remove the user from the group; else remove the user from Okta.

Reference documentation: https://developer.okta.com/docs/concepts/event-hooks/
Hope this helps!
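
A sketch of the receiving web service for the steps above, as an added example that is not part of the original post: it answers Okta's one-time verification challenge, checks the hook's Authorization header, and turns watched events into approval requests. The names `handle_hook` and `next_calls`, the shared secret, the temp group ID and the sample payload are assumptions constructed for illustration.

```python
import hmac
import json

# Event types the hook is subscribed to (user activation, group membership add).
WATCHED = {"user.lifecycle.activate", "group.user_membership.add"}

def handle_hook(method, headers, body, secret):
    """Return (status, response_body, approval_requests); header names lower-cased."""
    if method == "GET":  # one-time verification: echo the challenge back
        challenge = headers.get("x-okta-verification-challenge")
        return (200, {"verification": challenge}, []) if challenge else (400, {}, [])
    # Reject deliveries without the configured secret (constant-time compare).
    if not hmac.compare_digest(headers.get("authorization", "").encode(), secret.encode()):
        return 401, {}, []
    try:
        events = json.loads(body)["data"]["events"]
    except (ValueError, KeyError, TypeError):
        return 400, {}, []
    if not isinstance(events, list):
        return 400, {}, []
    pending = []
    for ev in events:
        if not isinstance(ev, dict) or ev.get("eventType") not in WATCHED:
            continue
        targets = ev.get("target") or []
        user = next((t for t in targets if t.get("type") == "User"), None)
        group = next((t for t in targets if t.get("type") == "UserGroup"), None)
        if user is None:
            continue
        pending.append({"event_id": ev.get("uuid"), "user_id": user.get("id"),
                        "login": user.get("alternateId"),
                        "group_id": group.get("id") if group else None})
    # Acknowledge quickly; the business approval workflow runs out of band.
    return 200, {}, pending

def next_calls(req, approved, temp_group_id):
    """Okta API calls implied by the decision (method and path only, not sent)."""
    uid = req["user_id"]
    if approved:  # lift the restriction: remove the user from the temp group
        return [("DELETE", f"/api/v1/groups/{temp_group_id}/users/{uid}")]
    return [("POST", f"/api/v1/users/{uid}/lifecycle/deactivate"),
            ("DELETE", f"/api/v1/users/{uid}")]

# Constructed sample delivery (all IDs are placeholders).
SAMPLE = json.dumps({"eventType": "com.okta.event_hook", "data": {"events": [
    {"uuid": "evt-1", "eventType": "group.user_membership.add", "target": [
        {"id": "00u-example", "type": "User", "alternateId": "new.user@example.com"},
        {"id": "00g-temp", "type": "UserGroup", "alternateId": "unknown"}]},
    {"uuid": "evt-2", "eventType": "user.session.start", "target": []}]}})
```

Deduplicate on `event_id` before starting a workflow, since the same event can be delivered more than once.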