Three Ways to Integrate Active Directory with Your SaaS Applications
The inability to remove application access when a user no longer requires it can have security and business impact to your organization. Okta automates the end-to-end deprovisioning process including:
Automated End-to-End Workflow
User deactivation is typically triggered from a corporate identity store such as Active Directory. When a user is deactivated from AD, users are automatically deactivated within Okta and a deprovisioning workflow is kicked off to de-provision the user from downstream applications.
The workflow generates a notification to administrators and guides IT to complete any necessary manual deprovisioning tasks associated with a particular user or application.
Deprovisioning Task List
As part of the deprovisoning process, some accounts need to be manually removed from the application directly. Certain accounts might be shared or used as a personal level. Okta creates a deprovisioning task list as part of the workflow that covers all outstanding users and accounts and ensures that all actions are clearly recorded.
Deprovisioning Audit Trail & Report
One of the biggest concerns related to deprovisioning is having the ability ensure and record that all administrative actions were taken and that users no longer have access to critical business systems. Within Okta, the entire audit trail is captured for reporting and audit purpose so that you can easily generate historical deprovisioning reports over time by user or by application.
Active Directory Integration
User deactivation is typically triggered from a corporate identity store such as Active Directory. With Okta’s Active Directory Integration, deactivating a user in AD initiates a deprovisioning workflow immediately to ensure maximum effectiveness in preventing rogue access.