Okta Basics Curriculum: Automate Lifecycle Management
User lifecycle management is one of the most critical processes in any organization – it impacts compliance, security, access management, data protection, and plenty of other things. It is absolutely critical that organizations find an effective way to onboard, manage, and offboard users, and ensure that their internal access fits their job role.
For obvious reasons, automating the onboarding and offboarding process makes everything easier for everyone, especially the IT teams responsible for managing identity at an organization.
Okta offers some user provisioning options that help make this process smoother. Not every application integration includes provisioning options, but a lot of them do. They can be accessed via the application profile under the ‘Provisioning’ tab.
Once the API credentials are confirmed, you can move forward and configure the provisioning settings both from Okta to the app, and from the app to Okta, depending on what workflow works best for you. You can also configure the app profile to automatically deactivate users when their Okta profile is deactivated – this piece is obviously a great tool when it comes to compliance.
From the application page, you also have the option to assign the application to specific groups – this allows you to automate the assignment of applications to new users. As new users are added to groups, they will be given access to the same applications as others in their group, without the need to manually assign each application to each user.
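A reconciliation check for the deactivation and group-assignment settings described above, as an added example that is not from the original post or from Okta. The record layout, group name and accounts are constructed for illustration, and the app is assumed to be assigned only through groups.

```python
# Constructed sample data. Field names are assumptions for this example,
# not an Okta export format. "DEPROVISIONED" is the status the Okta API
# reports for a user who has been deactivated.
OKTA_USERS = {
    "alice@example.com": {"status": "ACTIVE", "groups": {"Engineering"}},
    "bob@example.com": {"status": "DEPROVISIONED", "groups": set()},
    "carol@example.com": {"status": "ACTIVE", "groups": {"Sales"}},
    "dave@example.com": {"status": "ACTIVE", "groups": {"Engineering"}},
}
APP_GROUPS = {"Engineering"}  # groups the application is assigned to
APP_ACCOUNTS = {  # login -> account is active, as reported by the app
    "alice@example.com": True,
    "bob@example.com": True,    # survived deactivation in Okta
    "carol@example.com": True,  # not in any assigned group
    "dave@example.com": False,  # entitled but never provisioned
    "eve@example.com": True,    # created directly in the app
}


def audit(okta_users, app_groups, app_accounts):
    """Return (login, finding) pairs where app state and Okta state disagree."""
    findings = []
    # Pass 1: active app accounts that Okta says should not exist.
    for login, active in sorted(app_accounts.items()):
        if not active:
            continue
        user = okta_users.get(login)
        if user is None:
            findings.append((login, "no_okta_profile"))
        elif user["status"] == "DEPROVISIONED":
            findings.append((login, "deactivated_in_okta"))
        elif not (user["groups"] & app_groups):
            findings.append((login, "not_in_assigned_group"))
    # Pass 2: entitled Okta users the app has not provisioned.
    for login, user in sorted(okta_users.items()):
        entitled = user["status"] == "ACTIVE" and user["groups"] & app_groups
        if entitled and not app_accounts.get(login, False):
            findings.append((login, "missing_app_account"))
    return findings


if __name__ == "__main__":
    for login, finding in audit(OKTA_USERS, APP_GROUPS, APP_ACCOUNTS):
        print(f"{finding:24} {login}")
```

The first three finding types are the ones that matter for offboarding and compliance reviews; `missing_app_account` points at a provisioning gap rather than excess access.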
Next item on the list today is learning about how the Application Integration Wizard works. This wizard provides assistance when you have applications that you want to integrate into Okta, but they do not exist in the Okta Integration Network.
Under the Applications menu, hitting the ‘Create New App’ button brings up the following pop-up:
From here, you can choose the appropriate option (only choose SAML 2.0 if the application supports it). The wizard walks you through the steps to set up the integration, allowing you to add a logo, determine the app visibility (visible outside your org or not), and then configure the SAML or SWA connectivity.
Last item on the list is setting up the application self-service menu for your users. Kind of a cool tool here if it fits your organization – you can allow users to add apps to their Okta menu themselves.
This essentially allows administrators to build a custom app catalogue that users can choose from, and add as needed, without needing to get an Okta admin involved. This also allows administrators to decide if some apps need approval before users can add them.
So that’s the quick run-through of lifecycle management in Okta – as mentioned earlier, this is a huge undertaking for any organization with a lot of moving pieces, so it isn’t as easy as just adding all your apps to a pool and turning access on and off. That said, Okta does have features that help make the process easier.