I want to add approval/rejection to the Okta registration or app assignment flow. The diagram below looks promising except that it looks like the hook is a synchronous call and won’t work for a long running manual process like manual approval/rejection. Any suggestions how to handle this scenario?
I have the exact same requirements which I took on today. I will keep you posted if I find a solution. Please let me know if you find the solution early.
We ended up using the Okta event hook. Based on the type of event, you can enable the trigger to your external web service, where you can control the approval/rejection.
The detailed process would look something like this:
1. While the user registers, add him/her to a temp group and add a low-access sign-on policy to control the access.
2. Register an event hook and enable it for events like “user activation” or “user to group membership”, etc.
Note: You would need your web service to be ready for step 2.
3. Once you receive the event payload, you can initiate the business approval workflow.
4. If approved, make an API call to remove the user from the group; otherwise remove the user from Okta.
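The receiver side of the steps above, as an added example that is not part of the original posts: it answers Okta's one-time verification challenge, authenticates each delivery, queues users added to the temp group, and lists the API calls for the later decision. The group id, secret, function names and sample payload are constructed, and headers are assumed to arrive as a dict with lowercase keys.

```python
import hmac
import json

TEMP_GROUP_ID = "00gEXAMPLEPENDING"  # placeholder id of the temp group (assumption)
HOOK_SECRET = "constructed-secret"   # value configured as the hook's auth secret
WATCHED = "group.user_membership.add"

# Constructed sample delivery, trimmed to the fields used below.
SAMPLE_BODY = json.dumps({"data": {"events": [{
    "uuid": "evt-0001", "eventType": WATCHED,
    "target": [{"type": "User", "id": "00uEXAMPLEUSER"},
               {"type": "UserGroup", "id": TEMP_GROUP_ID}]}]}})

def verify_challenge(headers):
    """One-time GET verification: echo the challenge header back as JSON."""
    return {"verification": headers["x-okta-verification-challenge"]}

def receive_events(headers, body, pending, seen):
    """Handle a hook POST: authenticate, queue approvals, return a status fast."""
    supplied = headers.get("authorization", "")
    if not hmac.compare_digest(supplied.encode(), HOOK_SECRET.encode()):
        return 401  # unauthenticated caller must not be able to start approvals
    for event in json.loads(body).get("data", {}).get("events", []):
        if event.get("eventType") != WATCHED or event.get("uuid") in seen:
            continue  # ignore other event types and redelivered events
        targets = event.get("target", [])
        groups = {t["id"] for t in targets if t.get("type") == "UserGroup"}
        if TEMP_GROUP_ID not in groups:
            continue  # membership change in some other group
        seen.add(event.get("uuid"))
        pending.extend(t["id"] for t in targets if t.get("type") == "User")
    return 204  # the manual approval happens later, outside this request

def decision_calls(user_id, approved):
    """Okta API calls (method, path) to make once the approver decides."""
    if approved:
        return [("DELETE", f"/api/v1/groups/{TEMP_GROUP_ID}/users/{user_id}")]
    # Okta only deletes a user that has already been deactivated.
    return [("POST", f"/api/v1/users/{user_id}/lifecycle/deactivate"),
            ("DELETE", f"/api/v1/users/{user_id}")]
```

Because the hook only records the pending user and returns, the approval can take as long as the business process needs; `decision_calls` is used whenever the approver responds.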
Thanks for sharing your solution. This would work. We could then, for instance, trigger the business approval workflow on “user create” or an “import inline hook”. When the manager approves/rejects the user, we could then call the Okta API to “activate user” or “remove user”.