Okta Workflows is Okta's automation layer — a no-code flow builder that triggers on identity events (user provisioned, sign-in, MFA failure, group membership change) and can execute actions across connected applications.
Two of those actions are the Slack connector and the Microsoft Teams connector. Both are available in the Okta Workflows connector library. Both allow Okta Workflows to post messages to messaging channels when identity events occur.
They are independent connector instances. Routing one Okta event to both Slack and Teams requires either two separate connector action cards in the same workflow, or two parallel workflow branches — each authenticating with its own bot token, each configured with its own channel mappings.
Why This Matters for Security Operations
Security events don't respect platform boundaries. A suspicious sign-in alert needs to reach the on-call security engineer — who may be in Slack — and the IT manager on call — who may be in Teams — simultaneously.
With native Okta Workflows connectors, achieving this requires:
- Building two parallel branches in the workflow (Slack branch and Teams branch)
- Authenticating two separate connector instances (Slack bot token, Teams bot token)
- Maintaining two separate channel configurations
- Updating both branches when routing changes (new team, new channel, new severity threshold)
Each additional platform doubles the connector maintenance surface for every security workflow.
Okta Event Hooks: The Simpler Path (No Workflows License Required)
Okta Event Hooks (Admin Console → Workflow → Event Hooks) fire real-time HTTP POST requests to any HTTPS endpoint when identity events occur. No Okta Workflows subscription required — Event Hooks are available on all Okta plans.
Configure an Event Hook pointing to a SyncRivo inbound endpoint. Select the events: user.session.start (for risk-based sign-in monitoring), user.mfa.attempt_bypass, user.lifecycle.deactivate, group.user_membership.add for privileged groups.
SyncRivo receives the Okta Event Hook payload and routes to Slack, Teams, Webex, Google Chat, and Zoom simultaneously based on your routing configuration. One endpoint. No parallel branches. One routing configuration to maintain.
Per-Event Routing for Identity Signals
Not all Okta events warrant the same audience across platforms. Per-event routing handles the common security operations model:
- Suspicious sign-in (high risk score): Slack #security-ops (immediate investigation) + Teams Security Engineering channel (parallel awareness)
- MFA bypass attempt: Slack #security-ops on-call DM + Teams IT Operations channel (active threat, both platforms)
- User deprovisioned: Slack #it-ops (access revocation confirmation) + Teams HR channel (headcount update)
- Privileged group membership added: Slack #security (audit log) + business owner Teams channel (approval confirmation)
Okta Workflows with HTTP Connector
For event routing that requires conditional logic — escalate only if the user is in a privileged group, or only if the sign-in is from an unfamiliar country — build an Okta Workflow with the conditional logic, then use the HTTP connector as the final action step pointing to SyncRivo. The HTTP connector replaces both the Slack and Teams connector cards with one action. Routing logic for which platform receives the event lives in SyncRivo, not in parallel Okta workflow branches.
For the complete Event Hook configuration, Okta Workflows HTTP connector setup, and per-event routing rules, see the Okta Security Alerts in Slack & Teams integration guide.
Ready to connect your messaging platforms?