Deleting Inactive Users in Auth0 with Okta Workflows

A while ago Okta announced the integration of Okta Workflows with Auth0, bringing low-code automation to the Auth0 platform. In this blog post I am going to talk about leveraging Workflows to remove inactive users from a tenant. I am using this in a demo environment where I have people log in to demonstrate passkeys (as discussed in Going passwordless: Faster, easier, and more secure customer logins with passkeys). This post assumes that you have already linked Okta Workflows with your Auth0 tenant. If you have not done so, please check out Connecting an Auth0 tenant to Okta Workflows for instructions.

There are two workflows included in the workflow template: a scheduled flow and a helper flow. The scheduled flow runs once a day and searches the Auth0 tenant for all users that haven’t logged in for at least 7 days. It then streams the result of this search to the helper flow.

The helper flow receives the result of the user search, calls the delete user API, and posts a notification to Slack.

Scheduled Flow

The scheduled flow is quite simple. It runs every day at midnight and performs the following steps.

  1. We retrieve the current time and subtract seven days from that with the Date & Time Now and Date & Time Subtract cards.
  2. Then we use the Text Concatenate function to construct the User Search Query in the form of [* TO <7 DAYS AGO> ].
  3. Then we use the Auth0 Search Users card, set to an Auth0 connection we already created, and pass it the search query we created above. This retrieves all users that last logged in prior to the date cutoff we determined above and streams each record to our helper flow described below. Refer to this post for details on how to connect to an Auth0 tenant.
  4. Finally we post the number of users deleted to a connected Slack channel so that there is visibility of the flow's execution.

Helper Flow

The helper flow operates as follows.

  1. It gets called with a record object from which we extract the email, last_login & user_id with an Object Get Multiple card.
  2. We then call Auth0 using the Auth0 Delete User Card which requires the user_id from above. This completes the action of deleting the user from the Auth0 tenant.
  3. Next we convert the last login time to a more user-friendly format with a Date & Time Date to Text card and use this to compose a message.
  4. The message is then sent to our demo Slack channel.
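The logic of both flows, written out as a dry run in Python. This is an added example, not part of the Workflows template: it assumes the range query is applied to the `last_login` field, and the function names, the `protected` allowlist and the sample records are hypothetical. It re-checks each streamed record against the cutoff before planning a delete, so a stale search result or a record without `last_login` is skipped rather than removed.

```python
from datetime import datetime, timedelta, timezone

INACTIVE_DAYS = 7  # inactivity threshold used in the post


def build_query(now, days=INACTIVE_DAYS):
    """Scheduled flow, steps 1-2: subtract the threshold, build the range query."""
    cutoff = now - timedelta(days=days)
    stamp = cutoff.strftime("%Y-%m-%dT%H:%M:%S.000Z")
    # Assumption: the range is applied to the last_login field.
    return cutoff, f"last_login:[* TO {stamp}]"


def plan_deletions(records, cutoff, protected=frozenset()):
    """Helper flow as a dry run: returns (user_ids to delete, Slack messages)."""
    to_delete, messages = [], []
    for rec in records:
        email, last, uid = rec.get("email"), rec.get("last_login"), rec.get("user_id")
        if not uid or not last or uid in protected:
            continue  # incomplete record or protected account: never delete
        seen = datetime.fromisoformat(last.replace("Z", "+00:00"))
        if seen > cutoff:
            continue  # record itself is newer than the cutoff: keep the user
        to_delete.append(uid)
        messages.append(f"Deleted {email} ({uid}), last login {seen:%Y-%m-%d %H:%M} UTC")
    return to_delete, messages


# Constructed sample records (not real tenant data).
SAMPLE = [
    {"user_id": "auth0|a", "email": "a@example.com", "last_login": "2024-03-01T10:00:00.000Z"},
    {"user_id": "auth0|b", "email": "b@example.com", "last_login": "2024-03-14T09:30:00.000Z"},
    {"user_id": "auth0|c", "email": "c@example.com"},
    {"user_id": "auth0|d", "email": "d@example.com", "last_login": "2024-02-01T08:00:00.000Z"},
]

if __name__ == "__main__":
    now = datetime(2024, 3, 15, tzinfo=timezone.utc)  # constructed midnight run time
    cutoff, query = build_query(now)
    ids, msgs = plan_deletions(SAMPLE, cutoff, protected={"auth0|d"})
    print(query)
    print(ids)
    print("\n".join(msgs))
```

Only the returned `user_id` values would be passed on to the delete step; everything else stays in the tenant.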

After the flow runs you should get a set of messages similar to the below for your test tenant.

Setup

To set up the flows in your Workflows console, you can create them from scratch using the images above as reference, or you can import the template. Once you import the template you’ll need to update the Auth0 and Slack cards to point to the appropriate connectors and Slack channel.
