Moveworks' Account Access skill provides employees secure, self-service ways for users to resolve their login issues and can be integrated with Okta to do so.
By polling your organization’s Okta system every 30 seconds to check for account lockout events, Moveworks can help unlock user’s Okta account for them.
- Check for Lockout Frequency: By default the Moveworks checks for locked out users every 30 seconds. The amount of time between when the bot checks for locked out users can be configured (e.g. every 60 seconds, every 90 seconds, etc.).
- Account Lockout Notifications: Users will be notified of an account lockout at most four times a day, with a six hour gap between each notification message. Users can configure the amount of messages users receive about account lockout over a period of time — the period of time is also configurable. Users can also configure the gap between each account lock out message.
Moveworks communicates with Okta’s API over HTTPS to securely request account operations. For the most up-to-date information on Okta’s API, see Okta’s online documentation.
How does Moveworks identify locked out accounts?
Moveworks queries Okta’s System Log API for lockout events every 30 seconds, using the following search criteria:
eventType eq "user.account.lock" or eventType eq "user.session.start" and outcome.reason eq "LOCKED_OUT"
How does Moveworks unlock accounts?
The bot unlocks a user’s account with a
LOCKED_OUT status and returns them to
ACTIVE status by using the following API call:
Once unlocked, the user will be able to log back into Okta with their existing password.
If a user forgets their password, the Moveworks bot can help users reset it by giving the user a single-use link to the Okta forgot password portal. The actual password change happens in your organization’s ITSM system, so any existing security policies defined in Okta will apply.
Moveworks utilizes the “Reset Password” method of the Okta Users API to generate a one-time use link to the Okta Reset Password portal where they can change their Okta password.
When employees ask the bot to reset their Okta Verify MFA factors, Moveworks will initiate an Okta reset, by removing all factors associated with the user. Once the factors are removed, Moveworks will link the user to your organization’s Okta portal, where the user can log in. Once user’s log in, they will be prompted to set up a new MFA factor within Okta.
Moveworks is able to reset employee’s Okta MFA by using the following API call:
Updated 6 months ago