In Apple device management, automation is everything. The more of your work that you can automate via scripts, APIs, and other tools, the less you have to do manually and the more time you have for other, more strategic projects. Kandji customers now have another powerful automation tool, in the form of Okta Workflows.
Okta is a leading identity and access management provider. Its Workflows feature is a no-code platform that enables you to build automations—called flows—based on changes in your Okta user store.
You assemble these flows from cards that represent triggers, actions, or logic functions. Each flow begins with a triggering event in Okta or on a schedule. You then compile a series of logic-action functions—“if-this-then-that” statements—that will follow that trigger or schedule, by dragging and dropping cards into an order of execution. You can embed one flow inside another; Okta refers to these as child and parent flows. And using Okta Workflows connectors, you can integrate third-party apps and services into your flows.
That’s where Kandji comes in: Using the new Kandji connector, you can now build Okta flows that, using the Kandji API, trigger actions in Kandji’s device management solution. That means you can automate things in Kandji—such as locking or erasing a device or moving it to a different Blueprint—based on things that happen in Okta. You can also orchestrate actions across multiple services, including Slack, Google Workspace, Atlassian, or email, as well as Kandji.
Automating the Lifecycle
So, for example, let’s say an employee changes departments, which necessitates a change in that user's record in Okta. You can create a flow triggered by that change to deploy new applications, adjust security configurations, and change device settings in Kandji.
You can also build a flow to cover the scenario of a user leaving your organization. You could configure the flow to trigger automatically when a user is suspended in Okta. It could de-provision applications, move that person’s devices to a Blueprint for suspended users (which can automatically demote user accounts and remove VPN settings and certificates) and finally send a message that all that’s been done to your IT department’s Slack channel.
Or maybe there’s been suspicious activity on a user account in Okta Identity Cloud. Using Okta Workflows, that activity could trigger Kandji to check the security stance of any devices associated with that user or to take action—perhaps locking down devices by assigning them to more restrictive Blueprint or demoting their user accounts from admin to standard.
Kandji and Okta have collaborated to build a suite of 23 connector cards that you can use in building your flows. These cards can initiate actions such as erasing, listing, locking, restarting, shutting down, and updating devices; getting lists of apps and Library Items on a device; creating Blueprints; getting the Activation Lock bypass codes, FileVault recovery keys, or unlock PINs for a device; and more. (For the full list of actions and other details, check out our support article. And for more details on Okta Workflows, go to their Workflows Help Center.)
Of course, you must be both a Kandji and an Okta customer to take advantage of this integration; in addition, you must have access to the Kandji API. (See our API support article for details on the latter.) You should also note that the Kandji API can’t address a user until a device is associated with them. So this new integration will be most useful for devices that are already enrolled and assigned to users.
About Kandji
The new Kandji connector is built on top of the Kandji API, which—like zero-touch deployment, one-click compliance, and offline remediation—is one more way Kandji can help you automate enrolling, configuring, and securing your devices.