Automated User Management
Whitepaper
Three Ways to Integrate Active Directory with Your SaaS Applications
Okta provides comprehensive user management offering capability that spans mass user import and provisioning, deprovisioning, and user data and password synchronization.
Centralized Control of People and Groups
Built from the ground up as a native cloud service, Okta is architected to be an independent user store. The People tab in Okta gives you one view of your users and groups, and is easy to search and sort. You can quickly drill in to individual users and get detailed user, group, and application assignment information and quickly take administrative action.
Native Okta groups can be used to assign applications and take other actions across a set of people. Groups can also be mapped to, and synchronized with group definitions in other applications or Directories such as Active Directory or Google Apps.
Automated User Import
Okta can automatically import users from a variety of directories and applications in order to jumpstart your deployment. Because Okta also serves as an independent user store, you can very easily map a user’s profile in Okta to multiple different identities that person has in a variety of downstream SaaS applications. In fact Okta applies automated matching algorithms to all user imports to do that matching for you. And for apps that don’t have the APIs to support user import, Okta will work with a CSV formatted user list and apply all of the same matching intelligence to those users.
Deprovisioning Workflow and Reporting
The inability to remove application access when a user no longer requires it can have security and business impact to your organization.
Okta’s support for Centralized Deprovisioning automates the end to end process and workflow, including a complete audit trail and report. Once users are removed from Active Directory or Okta, the rest is managed by or through Okta to improve security and ensure compliance.
Rules Driven Provisioning
Okta supports a flexible set of provisioning options across your cloud applications. From the Applications homepage with one click you can easily select a set of users and one or more applications and okta will automatically provision the necessary accounts and deploy access to those applications to the targeted users.
Provisioning rules for specific applications can be tied to group membership so that application assignments happen automatically when users are added to a group. Those Okta groups can also be mastered by groups in other systems like security groups in Active Directory so that adding a user to Active Directory with a membership in a “sales” security group can drive the downstream provisioning of a Salesforce.com account for a user via Okta automatically.
Similar to the deprovisioning workflow Okta also provides a provisioning workflow to manage the end to end process of on boarding a user and their application assignments, whether the underlying applications support automated provisioning or not.
Seamless Active Directory Integration
Through Okta’s deep Active Directory Integration you can automate Okta user creation and the provisioning and deprovisioning of accounts in your cloud applications
Just in Time (JIT) Provisioning
With JIT provisioning enabled an Okta user account is automatically created the first time a user (who is a valid user in AD) attempts to log into Okta. This streamlines provisioning even further, adding Okta users with minimal work needed from IT.
Pre-Integrated Applications
Okta supports the broadest and deepest set of user management integrations across the cloud apps within the Okta Application Network. You don’t have to worry about how your vendor supports these features or do any integration work yourself, just select the app, configure your options, and deploy.