I’ve Stepped into the World of Okta Workflows

Yes! Every Systems Engineer, DevOps engineer, IT Technician (or whatever new title the industry invents next) eventually reaches a point where their job goes far beyond building secure bridges and centralized authentication systems.

Soon enough, problems from beyond the Shire start knocking at your door.

License management, notifications, provisioning without SCIM, database cleanup… the limit is basically whatever challenges you decide to tackle.

In this article, I’ll explain how Okta Workflows helped me solve real operational challenges, and how it can help you do the same.


📌Let Me Ask You Two Questions

Have you ever wondered:

  • How can I optimize licenses for SaaS applications and make sure users are actually using them?
  • How can I clean thousands of deactivated users from endless databases?

These were recurring problems in my environment, and I chose Okta Workflows as the platform to solve them.

But first things first.


🤨What Is Okta Workflows?

Okta Workflows is a no-code automation platform provided by Okta that allows you to build automated processes both inside and outside the Okta ecosystem.

You might be thinking:

“Okay, but how can Okta Workflows actually help me?”

Chances are, after reading this, you’ll either discover automation needs you didn’t know you had or realize how many repetitive tasks you can eliminate.


📗Classic Example

A typical onboarding automation might look like this:

New employee created in Okta →

  • Assign Slack or Microsoft Teams channels
  • Add required Google Groups
  • Send welcome email
  • Notify IT and HR internally

The result?

✅ Reduced manual work
✅ Improved security
✅ Fewer human errors

Now that we understand what Okta Workflows can do, let’s look at how I solved two real-world challenges.


1️⃣License Management Optimization

If you manage SaaS platforms, you’ve probably faced this question:

“How do we stop paying for unused licenses?”

Users request access to applications, use them for a while… and then abandon them. Their accounts remain inactive, basically as useful as a fax machine in 2026.

The result?

You end up paying €50,000 for 1,000 licenses when only 70% of users are actually active.

That’s a lot of wasted budget.

Most SaaS platforms don’t provide native mechanisms to automatically revoke licenses from inactive users.
This is where Okta Workflows becomes extremely powerful.

💊Important Consideration: Login Sessions

If your application is integrated with Okta and uses enforced SSO, you can track login activity through Okta System Logs.

However — be careful🚨

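An application's own browser session can keep a user signed in for long periods without authenticating through Okta again, so someone who uses the app every day may generate no new login events and look inactive in the logs.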

If possible, adjust the application’s session expiration settings to a reasonable timeframe. Once this is configured correctly, your login logs become reliable data sources.

🏧Automation Strategy

Here was my approach:

Every day at 9:00 AM CET

  1. Review all licensed users.
  2. Check login activity.
  3. Identify users inactive for more than 30 days.
  4. Remove their license, but keep viewer-level access.

📈Benefits

This approach allows us to:

✅ Maintain a REAL list of active licensed users
✅ Pay only for what we actually use
✅ Preserve limited access for inactive users
✅ Reduce SaaS costs significantly

Applied across multiple high-cost applications, the savings become very noticeable.

👷🏼‍♂️Implementation in Okta Workflows

Okta Workflows includes native connectors for many platforms like Figma, Jamf, Miro, Monday, Salesforce, Slack, Atlassian, and more.

And when a connector doesn’t exist, you can always call APIs directly.

In my case, I only needed the Okta connector, since logs and provisioning could be managed centrally.

Trigger Flow

  • Runs daily at 9:00 AM CET
  • Retrieves all users assigned to the licensed Okta group
  • Sends them to a helper flow

Helper Flow

  1. Receive users with metadata
  2. Query Okta System Logs for latest user.authentication events
  3. Filter users inactive for 30+ days
  4. Move them from:
    • Licensed group → Unlicensed group
  5. Send Slack notification to administrators

No deactivation occurs, only license updates. Flow completed.

The entire process now runs automatically in seconds and only requires occasional auditing.
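The helper flow's decision logic, written out in Python as an added example (this is not the author's flow, which is built from no-code cards). It assumes events shaped like Okta System Log entries (`eventType`, `published`, `actor.id`, `outcome.result`, `target[].id`); the app id and user ids are hypothetical, and the per-app filter is an assumption about how the log query is scoped.

```python
from datetime import datetime, timedelta, timezone

INACTIVITY_DAYS = 30          # threshold from the article
APP_ID = "0oaEXAMPLEAPP"      # hypothetical Okta app instance id

def parse_ts(value):
    # Okta timestamps are ISO 8601 UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def last_successful_login(events, app_id):
    """Newest successful sign-in to one app, per user id."""
    latest = {}
    for ev in events:
        if not ev["eventType"].startswith("user.authentication"):
            continue
        if ev["outcome"]["result"] != "SUCCESS":
            continue  # a failed attempt is not usage
        if not any(t.get("id") == app_id for t in ev.get("target", [])):
            continue  # sign-in to a different app
        uid, when = ev["actor"]["id"], parse_ts(ev["published"])
        if uid not in latest or when > latest[uid]:
            latest[uid] = when
    return latest

def plan_license_moves(licensed_ids, events, app_id, now):
    """User ids to move from the licensed group to the unlicensed group."""
    cutoff = now - timedelta(days=INACTIVITY_DAYS)
    latest = last_successful_login(events, app_id)
    # No matching event in the queried window counts as inactive.
    return sorted(u for u in licensed_ids
                  if u not in latest or latest[u] < cutoff)

# Constructed sample data below, not real log output
def _event(uid, published, result="SUCCESS", app_id=APP_ID):
    return {"eventType": "user.authentication.sso", "published": published,
            "actor": {"id": uid}, "outcome": {"result": result},
            "target": [{"id": app_id, "type": "AppInstance"}]}

NOW = datetime(2026, 3, 1, 8, 0, tzinfo=timezone.utc)  # 9:00 AM CET
LICENSED = ["u_active", "u_stale", "u_failed", "u_otherapp", "u_never"]
EVENTS = [
    _event("u_active", "2026-02-20T10:15:00.000Z"),
    _event("u_stale", "2026-01-15T09:00:00.000Z"),
    _event("u_failed", "2026-02-25T09:00:00.000Z", result="FAILURE"),
    _event("u_otherapp", "2026-02-26T09:00:00.000Z", app_id="0oaOTHERAPP"),
]

if __name__ == "__main__":
    print(plan_license_moves(LICENSED, EVENTS, APP_ID, NOW))
```

Users with only failed attempts, only sign-ins to other apps, or no events at all are treated as inactive, which is why the session-expiration caveat above matters before trusting the result.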


2️⃣Database Cleanup Automation

Many organizations accumulate massive numbers of deactivated users.

They remain stored indefinitely:

  • Occupying space
  • Complicating audits
  • And increasing operational noise

Okta environments often contain deprovisioned users still associated with groups years later.

Here’s how I automated cleanup.

Trigger Flow

  • Runs daily at 9:00 AM CET
  • Retrieves users with DEPROVISIONED status
  • Sends them to helper flow

Helper Flow

  1. Receive users and metadata
  2. Capture current execution date
  3. Calculate time difference since deprovisioning
  4. Filter users inactive for more than X days
  5. Permanently delete qualifying users
  6. Notify stakeholders via Slack

Simple, yes, but extremely effective.
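Because step 5 is irreversible, the selection step is worth guarding. The following added example (not the author's flow) shows the age filter in Python with three guard rails: a status re-check, a skip for records without a timestamp, and a per-run ceiling. It assumes user records carrying Okta's `status` and `statusChanged` fields; the 90-day value for X, the ceiling and the user ids are hypothetical.

```python
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 90   # the article's "X"; 90 is an assumed value
MAX_DELETIONS = 25    # hypothetical per-run ceiling, not an Okta setting

def select_for_deletion(users, now, retention_days=RETENTION_DAYS,
                        max_deletions=MAX_DELETIONS):
    """Return (ids_to_delete, skipped) where skipped maps id -> reason."""
    cutoff = now - timedelta(days=retention_days)
    picked, skipped = [], {}
    for user in users:
        uid = user["id"]
        # Re-check status: the user may have been reactivated since the
        # trigger flow listed them.
        if user.get("status") != "DEPROVISIONED":
            skipped[uid] = "status is not DEPROVISIONED"
            continue
        changed = user.get("statusChanged")
        if not changed:
            skipped[uid] = "no statusChanged timestamp"
            continue
        when = datetime.fromisoformat(changed.replace("Z", "+00:00"))
        if when >= cutoff:
            skipped[uid] = "inside retention window"
            continue
        picked.append((when, uid))
    # An unusually large batch stops the run for human review instead of
    # being deleted automatically.
    if len(picked) > max_deletions:
        raise RuntimeError(f"{len(picked)} deletions exceed cap {max_deletions}")
    return [uid for _, uid in sorted(picked)], skipped  # oldest first

# Constructed sample records, not real directory data
NOW = datetime(2026, 3, 1, 8, 0, tzinfo=timezone.utc)  # 9:00 AM CET
USERS = [
    {"id": "u_old", "status": "DEPROVISIONED", "statusChanged": "2025-06-01T12:00:00.000Z"},
    {"id": "u_older", "status": "DEPROVISIONED", "statusChanged": "2024-11-20T12:00:00.000Z"},
    {"id": "u_recent", "status": "DEPROVISIONED", "statusChanged": "2026-02-15T12:00:00.000Z"},
    {"id": "u_back", "status": "ACTIVE", "statusChanged": "2025-01-10T12:00:00.000Z"},
    {"id": "u_nodate", "status": "DEPROVISIONED", "statusChanged": None},
]

if __name__ == "__main__":
    print(select_for_deletion(USERS, NOW))
```

Returning the skip reasons alongside the deletion list gives the Slack notification in step 6 something auditable to report.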


💆🏻‍♂️Final Thoughts

Automations like these may seem small individually.

But combined, they create a strong, reliable, and scalable infrastructure that dramatically improves operational efficiency.

I’ll continue exploring new possibilities with Okta Workflows, and if you’ve made it this far, I highly recommend giving it a try if you haven’t already.

Thanks for reading!
