Skip to content
  • There are no suggestions because the search field is empty.

How to automate App Access with Okta/JumpCloud with the AI IT Agent

About this article

App provisioning is one of the most frequent — and repetitive — IT requests.
The App Provisioning playbook enables the AI Agent to handle these automatically, from qualification to action, in full auto-pilot mode.

What It Can Do

With a properly configured playbook, the AI Agent can:

  1. Qualify the request — ask for the app name and required permission level.

  2. Check eligibility — validate department rules or available licenses.

  3. Request approval — automatically notify the manager or app owner if needed.

  4. Execute the action — add the user to the right group in Okta, JumpCloud, or directly provision the license.

  5. Confirm resolution — notify the employee once access is granted.

If automation fails, the Agent automatically creates a standard request for IT to follow up — ensuring no interruption.

Why It’s Useful

  • Frees IT teams from repetitive provisioning tasks.

  • Gives employees faster access to the tools they need.

  • Ensures governance and approval flows are respected.

Example in Action

Employee: “I need access to Figma.”

AI Agent → “Got it! What level of access do you need — Viewer or Editor?”

Employee: “Editor.”

AI Agent → Validates the request, gets approval from the manager, provisions access via Okta, and confirms completion.

Result: App access requests are processed automatically, with full traceability and zero IT manual work.

 

💡 Best Practices

  • Get clear playbook names "IT request" is not specific enoug. "Okta App Access requests" or "Software access handled in Jumpcloud" is specific enough. 

  • If your app group names have the same structure (appname_users, appname.group etc) and a common approval flow, you can use one single playbook to manage all the requests, with clear instruction and guideline for the agent on how the groups are structured. 

  • If you have specific rules for specific apps, it is recommended to have one dedicated playbook for this specific app with proper instructions and set of actions (including approval). 

 

How to set it up

Before starting, make sure you’ve reviewed the Playbook configuration fundamentals to understand how to create and customize playbooks in Siit.

If your Okta or JumpCloud integration is connected to Siit, you’ll have access to pre-built templates designed for this use case — look for the playbook named 🔗 Okta – App Provisioning 📲 (among other available templates).

 

 

Once you’ve selected this playbook and clicked Use playbook, you can adjust the configuration to match your specific needs.

In this example, we want the AI Agent to:

  1. Qualify the app name when the employee submits the request (if not already specified).

  2. Add the user to the correct group based on the requested app. (You can define naming conventions for groups to help the Agent identify them in your directory.)

  3. Inform the requester once the action has been successfully completed.

  4. Create a request automatically if any issue occurs during execution, assigning it to the correct IT service for follow-up.

💡 You can be as detailed as needed in your instructions to ensure the Agent has all the context required to execute actions accurately.

⚠️ Make sure to use the /Actions button to insert the proper action in your instructions. Only mentioning the action "add to user to the right group" without using the dynamic action, won't be enough for the Agent to execute. 

 

Once the playbook is saved, test it live!

 

Want to send an approval request within the playbook?

It's doable! Here is how to do: 


In the example below, the Agent executes each instruction defined in the playbook, based on the employee’s request.

App Access Playbooks library

 

CleanShot 2026-01-08 at 10.41.32

CleanShot 2026-01-08 at 10.46.02

CleanShot 2026-01-08 at 10.41.52