Cross-Provider Workflow

Okta Deprovision with Slack Session Revocation

Version 1.0.0

Deactivate an Okta user, then invalidate their Slack sessions.

1 workflow 2 source APIs 2 providers
View Spec View on GitHub ArazzoWorkflowsCross-Provider

Providers Orchestrated

okta slack

Workflows

deprovision-revoke-sessions
Deactivate an Okta user and invalidate their Slack sessions.
Deactivates a departing user in Okta and invalidates the user's Slack sessions to force sign-out across clients.
2 steps inputs: slackTeamId, slackUserId, userId outputs: deactivateStatus, slackOk
1
deactivate-user
$sourceDescriptions.oktaApi.deactivateUser
Deactivate the departing user in Okta.
2
invalidate-slack-sessions
$sourceDescriptions.slackAdminApi.postAdminUsersSessionInvalidate
Invalidate the user's active Slack sessions.

Source API Descriptions

openapi
oktaApi https://raw.githubusercontent.com/api-evangelist/okta/refs/heads/main/openapi/okta-openapi-original.yml
openapi
slackAdminApi https://raw.githubusercontent.com/api-evangelist/slack/refs/heads/main/openapi/slack-admin-openapi.yml

Arazzo Workflow Specification

id-okta-deprovision-deactivate-slack-session.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: Okta Deprovision with Slack Session Revocation
  summary: Deactivate an Okta user, then invalidate their Slack sessions.
  description: >-
    An offboarding workflow that deactivates a departing user in Okta to revoke
    their SSO access, then invalidates the user's active Slack sessions so any
    open clients are signed out. Demonstrates coordinated session revocation
    across an identity provider and a collaboration platform.
  version: 1.0.0
sourceDescriptions:
  - name: oktaApi
    url: https://raw.githubusercontent.com/api-evangelist/okta/refs/heads/main/openapi/okta-openapi-original.yml
    type: openapi
  - name: slackAdminApi
    url: https://raw.githubusercontent.com/api-evangelist/slack/refs/heads/main/openapi/slack-admin-openapi.yml
    type: openapi
workflows:
  - workflowId: deprovision-revoke-sessions
    summary: Deactivate an Okta user and invalidate their Slack sessions.
    description: >-
      Deactivates a departing user in Okta and invalidates the user's Slack
      sessions to force sign-out across clients.
    inputs:
      type: object
      properties:
        userId:
          type: string
        slackTeamId:
          type: string
        slackUserId:
          type: string
    steps:
      - stepId: deactivate-user
        description: Deactivate the departing user in Okta.
        operationId: $sourceDescriptions.oktaApi.deactivateUser
        parameters:
          - name: userId
            in: path
            value: $inputs.userId
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          deactivateStatus: $statusCode
      - stepId: invalidate-slack-sessions
        description: Invalidate the user's active Slack sessions.
        operationId: $sourceDescriptions.slackAdminApi.postAdminUsersSessionInvalidate
        requestBody:
          contentType: application/x-www-form-urlencoded
          payload:
            team_id: $inputs.slackTeamId
            user_id: $inputs.slackUserId
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          slackOk: $response.body#/ok
    outputs:
      deactivateStatus: $steps.deactivate-user.outputs.deactivateStatus
      slackOk: $steps.invalidate-slack-sessions.outputs.slackOk