Okta · Arazzo Workflow

Okta Find User and Suspend

Version 1.0.0

Look up a user by login and suspend them if an active match exists.

1 workflow 1 source API 1 provider

Provider

okta

Workflows

find-user-and-suspend
Resolve a user by login and suspend them.
Searches for a user matching firstName, lastName, and email and, when found, suspends the active user.
2 steps. Inputs: oktaApiToken, query. Outputs: userId.
1. findUser (operation: listUsers)
   Search for a user matching the supplied query, returning at most one result.
2. suspendUser (operation: suspendUser)
   Suspend the matched user so they can no longer authenticate.
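
A guard for the branch between findUser and suspendUser, as an added example in Python that is not part of the original workflow or of Okta's code. The workflow's userFound criterion only checks that the result list is non-empty, and userStatus is captured but never tested, so this function (decide_suspend, a hypothetical name) requires an exact login or email match and ACTIVE status before it returns an id. The sample response bodies are constructed and assume the user object fields id, status, profile.login and profile.email.

```python
from typing import List, Optional, Tuple

def decide_suspend(users: List[dict], expected: str) -> Tuple[Optional[str], str]:
    """Return (user_id, reason); user_id is None when suspendUser must not run."""
    want = expected.strip().lower()
    if not want:
        return None, "empty identifier"
    if not users:
        return None, "no match"  # corresponds to the userMissing branch
    exact = []
    for u in users:
        profile = u.get("profile") or {}
        ids = {str(profile.get(k, "")).lower() for k in ("login", "email")}
        if want in ids:
            exact.append(u)
    if not exact:
        # The search term matched some other field or only part of a value.
        return None, "result does not match the requested login exactly"
    if len(exact) > 1:
        return None, "more than one exact match"
    status = exact[0].get("status")
    if status != "ACTIVE":
        return None, f"status is {status}, not ACTIVE"
    return exact[0]["id"], "ok"

# Constructed sample listUsers response bodies (not real accounts).
ANN = {"id": "00u-constructed-1", "status": "ACTIVE",
       "profile": {"login": "ann@example.com", "email": "ann@example.com"}}
ANNA = {"id": "00u-constructed-2", "status": "ACTIVE",
        "profile": {"login": "anna.smith@example.com",
                    "email": "anna.smith@example.com"}}
ANN_SUSPENDED = dict(ANN, status="SUSPENDED")

if __name__ == "__main__":
    for body in ([ANN], [ANNA], [ANN_SUSPENDED], []):
        print(decide_suspend(body, "ann@example.com"))
```

Only a non-None id from this check would be passed on as the userId path parameter of suspendUser.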

Source API Descriptions

Arazzo Workflow Specification

okta-find-user-and-suspend-workflow.yml
arazzo: 1.0.1
info:
  title: Okta Find User and Suspend
  summary: Look up a user by login and suspend them if an active match exists.
  description: >-
    A find-then-act offboarding flow. The workflow searches for a user by their
    login or email, branches on whether a match was found, and when found
    suspends that user so they can no longer sign in while their account is
    retained. The resolved user id is chained from the search into the suspend
    lifecycle call. Every step spells out its request inline, including the SSWS
    API token header, so the flow can be read and executed without opening the
    underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: oktaApi
  url: ../openapi/okta-openapi-original.yml
  type: openapi
workflows:
- workflowId: find-user-and-suspend
  summary: Resolve a user by login and suspend them.
  description: >-
    Searches for a user matching firstName, lastName, and email and, when found,
    suspends the active user.
  inputs:
    type: object
    required:
    - oktaApiToken
    - query
    properties:
      oktaApiToken:
        type: string
        description: Okta API token used for the SSWS Authorization header.
      query:
        type: string
        description: Search term matching the user's firstName, lastName, or email.
  steps:
  - stepId: findUser
    description: >-
      Search for a user matching the supplied query, returning at most one
      result.
    operationId: listUsers
    parameters:
    - name: Authorization
      in: header
      value: SSWS $inputs.oktaApiToken
    - name: q
      in: query
      value: $inputs.query
    - name: limit
      in: query
      value: 1
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      userId: $response.body#/0/id
      userStatus: $response.body#/0/status
    onSuccess:
    - name: userFound
      type: goto
      stepId: suspendUser
      criteria:
      - context: $response.body
        condition: $.length > 0
        type: jsonpath
    - name: userMissing
      type: end
      criteria:
      - context: $response.body
        condition: $.length == 0
        type: jsonpath
  - stepId: suspendUser
    description: >-
      Suspend the matched user so they can no longer authenticate.
    operationId: suspendUser
    parameters:
    - name: Authorization
      in: header
      value: SSWS $inputs.oktaApiToken
    - name: userId
      in: path
      value: $steps.findUser.outputs.userId
    successCriteria:
    - condition: $statusCode == 200
  outputs:
    userId: $steps.findUser.outputs.userId