ITP01 – User Risk Change to OPA

[featured_image]
  • Version
  • Download 19
  • File Size 31.27 KB
  • File Count 1
  • Create Date September 2, 2025
  • Last Updated September 2, 2025

ITP01 - User Risk Change to OPA

This download contains an Okta Workflows folder containing workflows to take user risk changes from Identity Threat Protection with OktaAI (ITP) and use them to control access in Okta Privileged Access (OPA).

There are two main flows and three helper flows (utilities). There are no tables used. The two main flows are:

  • EVENT - User Risk Changed to Group Change - triggered off a user.risk.detected event, it will change the users membership in the three risk-related groups (high, medium and low) as used in OPA.
  • OITP - Admin Reported User Risk - attached to an ITP entity risk policy, it will kill the users Okta sessions and remove them from the groups that assign them to the OPA app

The three helper flows (UTIL**) will setup some parameters, strip out some group details, and remove a user from a group respectively.

The flows require three connectors - an Okta and Okta ITP connector (using the Okta Workflows OAuth app credentials) and a GMail connector (you could swap it out for another email connector and modify the relevant flow).

Installation involves creating a new workflows folder, importing this download, enabling the flows and then configuring Okta, ITP and OPA. See the main article for details.

Leave a Reply