In this tutorial, we will build a use case titled 'User Lifecycle Management in Okta' by streamlining API tasks and OAuth connections using Automation Co-pilot.

Use Case: User Lifecycle Management in Okta

In an organization, the IT support team frequently receives requests from users needing actions like 'Account Password Reset via Email' or 'User Unlock'. Typically, these requests require the support team to navigate through various applications and systems. For example, they may start by logging the request in the organization's ticketing system, such as ServiceNow, to track and manage the issue effectively. Later, they might access the relevant core applications (Okta) to execute the necessary tasks, such as unlocking a user account or initiating a password reset email.

Once the support team has completed the required actions, they update the ticketing system to reflect the resolution and verify with the user before closing the ticket.

However, this traditional workflow often results in extended wait times and inefficiencies, impacting both user satisfaction and the productivity of the IT support team.

Let's utilize the Automation Success Platform API Tasks and OAuth Connections to address the problem statement mentioned above. But before we proceed, let's take a moment to understand what API Tasks and OAuth connections are.

API Tasks:

If you want to run your automations in Headless mode or serverless in the cloud to fetch results from a SaaS application in real-time, you can use API Tasks. API Tasks run purely in the cloud by spinning up K8 clusters managed by Automation Anywhere. These clusters dynamically adjust the number of cloud devices based on your concurrency requirements, eliminating the need to manage bot runners in your environment. This reduces operational and maintenance costs.

API Tasks are similar to Task bots, yet they are tailored specifically for API-based SaaS packages. In the left pane of API Tasks, you will find data transformation and conditional commands. You can use the debugger feature to test API Tasks before integration, just like you would for task bots.

API Tasks can be invoked via Form and Process, and we will learn how to do this in the tutorial below.

Invoke API Task in Form

When invoked from a Form, API Tasks run on cloud devices and can provide a 'real-time' response in milliseconds. They are designed to execute API operations such as data lookups, GET/POST/UPDATE/PATCH/DELETE with ease.

 

Invoke API Task in Process

 

When invoked from a Process, API tasks run in a queue in the cloud, providing faster responses compared to Task Bot executions. This approach is useful for use cases that take longer to complete, ensuring the overall flow remains resilient.

 

OAuth Connections

OAuth is an authorization protocol that enables secure access to third-party resources or APIs without user credentials, while managed centrally in the Control Room. It facilitates secure token management for enterprise applications, ensuring restricted access and role-based controls for automation processes.

 

Let's create an OAuth connection for ServiceNow, which will be used in our use case later. Please refer to the product documentation to obtain the necessary details, including the Client ID, Client Secret, Authorization URL, Token URL, and Scope.

 

1. Login to Control Room as an Admin
2. Navigate to Manage > OAuth connections.
3. Click Create connection.
4. Select Provider as Custom > copy Callback URL > Provide Connection Name > Click Next.

   

    

5. Select Grant Type as Authorization Code Flow > Provide the captured Client ID, Client Secret, Authorization URL, Token URL, and Scope > Click Next.

 

6. Check Save Login Credentials checkbox > Click on Save Changes and Test Connection button.
7. You will be redirected to Service Now for providing user authentication and consent. When you select this option, select the Shared token type option when using this connection

8. Once authentication is approved by the user, you will see 'Test connection succeeded' & Shared token status as ‘Active’.

Building the Automation

Let's build the automation and follow the design below:

Form Design

Drag and drop the required elements (Text Box, Button, and Radio Button) from the Elements panel on the left into the Form Builder to create the Get User & Request Closure forms.

Get User Form:

Request Closure Form:

API Task Creation:

Create API Tasks from Private workspace by clicking on ➕icon > API Tasks > Provide API Task name and click Create & Edit.

Let's build below API Tasks,

• Get Employee Details
• Account Password Reset via Email
• Unlock User
• Case Closure

Get Employee Details API Task:

This task will take sEmployeeMailId as an input parameter to retrieve employee details such as FirstName, Last Name, and Status from Okta third party application. These details will be displayed in the form using the Invoke API Task via Form. Based on the call conversation, an IT Support person will update the Issue description in the form. This is fed to the sShort_Description input variable for creating the Service Now ticket and updating the ticket fields such as Caller, Assigned to and status (In Progress) in single go.

1. Let's create two “input” string variables as shown below
   • sEmployeeMailId
   • sShort_Description
2. Add the REST Web Services: Get method > Get command to fetch employee details from Okta.
   • Note: This is how to get API Key checkout Product documentation (Okta).
   • URI: $sURL$/api/v1/users?q=$sEmployeeMailId$&limit=1
   • Header: Authorization - Pass API Key
   • Assign the output to a variable: Mapped variables > Body > sGetEmployeeDetailsResults

3. Use Json: Start session command and pass variable $sGetEmployeeDetailsResults$ to Text, provide Session name.

4. Use Json: Get node value to retrieve the node values for First Name, Last Name and Status from API response.

5. Use Json: End session and provide the same session name as mentioned in Step 3

6. Use ServiceNow: Authentication to generate an Access token from ServiceNow. Use the OAuth connection > SNOW created in the above OAuth connection section. 

Select Authentication type as 'Control room OAuth connection' and select the correct connection name. Choose the Token type as Shared, key in Session Name as shown below.

The advantage of using OAuth connection is that the Control Room will handle the generation of Access tokens, and these details can be securely managed by the admin as a one-time activity.

7. Use ServiceNow: Create Record for creating ServiceNow incident by passing below inputs. For this use case, the Caller and Assignee values have been hard coded in the variables to keep it simple. In a real-world scenario, you can fetch them dynamically.

8. Use ServiceNow: Get Record to get the incident number by passing RecordID from above step.

Account Password Reset via Email API Task:

This task will take 'sEmployeeMailId' as an input from the Get User Form. Based on the user's radio button selection, the 'Account Password Reset via Email API Task' will be triggered via Process.

1. Use REST Web Services: Post method > Post command for sending the Account reset details via email.

URI: $sURI$/api/v1/users/$sEmployeeMailId$/credentials/forgot_password?sendEmail=true

Header: Authorization - Pass API Key

Assign the output to a variable: Dictionary > dAccPassResetAPIStatus

2. Use Dictionary: Get API response status, e.g., 200.
3. If the API response is 200 OK, then assign the value 'A password reset request was made for your Okta account.' to the $sNotes$ variable. This will be automatically populated in the Case Closure form. If the IT support person wants to edit it, they can. Essentially, this reduces the time they spend updating notes.

Unlock User:

This task will take 'sEmployeeMailId' as an input from the Get User Form. Based on the user's radio button selection, the 'Unlock User API Task' will be triggered via Process.

1. Use REST Web Services: Post method > Post command for unlocking the user via API.

URI: $sURI$/api/v1/users/$sEmployeeMailId$/lifecycle/unlock

Header: Authorization - Pass API Key

Assign the output to a variable: Dictionary > dUnlockUserAPIResponse

2. Use Dictionary: Get API response status, e.g., 200.
3. If the API response is 200 OK, then assign the value 'User unlock request was made for your Okta account.' to the $sNotes$ variable. This will be automatically populated in the Case Closure form. If the IT support person wants to edit it, they can. Essentially, this reduces the time they spend updating notes.

Case Closure:

This task will take '$sRecordID$' as input from the Get User Form and update the incident with Work notes. These notes are automatically populated from the respective API tasks, and the user will have the ability to add or edit them before clicking on the 'Update Case' button. Case Closure API Task is triggered via Form.

1. Use ServiceNow: Authentication to generate an Access token from ServiceNow. Now, use the OAuth connection > SNOW created in the above OAuth connection section.

Select Authentication type as 'Control room OAuth connection' and select the correct connection name. Choose the Token type as Shared key in Session Name as shown below.

2. Use ServiceNow: Update a Record command for updating the service now incident with work notes and set the incident status as Closed.

Check In all the API tasks to the public workspace.

Process Creation:

Create process from Private workspace by clicking on ➕icon > Process > Provide Process name and click Create & Edit. From the process canvas drag and drop required commands as per the requirement.

1. In the Process Start, select Form > Browse and select the 'Get User' form. Update the Request title to 'Get User Details’.
2. Seek assistance from the Administrator to configure API tasks in the Administrator > Settings > Cloud device management section. Click on the '+' button in the 'API Task allocations' module and add all the API tasks.

3. On clicking the Get Details button in “Get User Form” API Tasks is triggered via Form for fetching employee First Name, Last Name and Status.
4. Edit “Get User” Form > Click on Form rules (to invoke API task via Form) > Add rule if the If > select Get Details Button element > is clicked.
5. In the Then > select Form actions Get value from API task > Browse and select “Get Employee Details” API Task. Pass the input and output variables accordingly.

6. Once we click on the 'Get Details' button in the form, you will see the API response being fetched in the form.
7. Based on the user selection in the form, we will take the necessary action to execute either an Account Password Reset or Unlock User. We will add API tasks to be invoked via a process using If/Else and API task commands.

8. Drag and drop the API command and select the respective API task that we created in the previous steps. Provide the respective input parameters.

9. After the API task execution, we are checking the API status to route the flow for updating the case details and closing it if it's successful. Otherwise, the flow will be routed to the 'Failed' status in the AARI tasks for the current request.
10. Use Form call Case Closure form for displaying Ticket #, Work Notes and Record ID > Add Case Closure button as shown below.

11. On clicking the Update Case button in “Request Closure Form” another API Task (Case Closure) is triggered via Form for updating the Work Notes, ticket Status.

Edit “Request Closure” Form > Click on Form rules (to invoke API task via Form) > Add rule. In the If > select Update Case Button element > is clicked.

In the Then > select Form actions Get value from API task > Browse and select “Case Closure” API Task. Pass the input and output variables accordingly.

12. Upon clicking the 'Update Case' button in the form, you will observe the case being updated in ServiceNow, with the status reflected in the form.
13. Follow the same steps for Else condition “Unlock User” flow as well.
14. Final Process will look like this:

Execution:

Scenario 1: Account Password Reset via Email

User: John Doe

Issue Description: I forgot my account password and am unable to access my account. Can you please help me with a password reset via email?

1. The IT support person will enter the end user's email ID and update the issue description in the respective form field during their call.

2. On clicking the 'Get Details' button, the API tasks will be invoked via the form to retrieve employee details.

3. The API tasks have retrieved employee details from Okta, and an incident is created in ServiceNow. Based on the issue description, the IT personnel will select the 'Account Password reset via email' option and click on the 'Submit' button.

4. API Task will execute to send the Account Password reset via email in the cloud.

John (End User) will receive the following email to his registered email address for resetting the password.

In this scenario, the Work Notes are automatically populated, and the IT personnel will click on the 'Update case' button. Behind the scenes, another API task (Case Closure) will be triggered via Form to update the case details such as Work Notes and ticket status to Completed.

Service Now Updates:

AARI Trail:

5. The IT Support person assists the user in seconds compared to the manual tasks, which could take minutes. This way, both the end user and IT are pleased, saving time while capturing all the details in accordance with organizational policies.

Scenario 2: Unlock User

User: John Doe

Issue Description: After returning from a long holiday, a user is unable to access their account. It seems that their account is locked, which is halting their operations.

Okta Console:

1. The IT support person will enter the end user's email ID and update the issue description in the respective form field during their call.

2. On clicking the 'Get Details' button, the API tasks will be invoked via the form to retrieve employee details. In this case users account status is LOCKED_OUT.

3. The API tasks retrieved the employee details from Okta, and an incident is created in ServiceNow. Based on the issue description, the IT personnel will select the 'Unlock User' option and click on the 'Submit' button.

4. API Task is executed to unlock the user account in the cloud.

5. In this scenario, the Work Notes are automatically populated, and the IT personnel will click on the 'Update case' button. Behind the scenes, another API task (Case Closure) will be triggered via Form to update the case details such as Work Notes and ticket status to Completed.

End User’s account is unlocked. Okta console,

Service Now Updates:

AARI Trail:

6. The IT Support person assists the user in seconds compared to the manual tasks, which could take minutes. This way, both the end user and IT are pleased, saving time while capturing all the details in accordance with organizational policies.