An Integrated Approach to Lifecycle Management

The modern workforce is fluid— the proliferation of part-time workers, contractors, vendors and distributed partner networks, each with unique lifecycles, poses a huge hurdle for access management and compliance. Organisations need to empower these users with the access and apps they need, from the (many!) devices they use, without jeopardising the company’s data.

Today at Oktane16, we’re happy to announce a new product and a series of enhancements across our product portfolio resulting in an integrated, 100% cloud approach to lifecycle management.

The first part of our announcement is a new product, Okta Lifecycle Management, formerly known as Okta Provisioning. The new name reflects a broader set of functionality and expanded vision for the product. We’ve gone from offering a single facet of user provisioning to a “one-stop-shop” in the cloud to manage end-to-end, integrated lifecycle management and compliance across apps and devices. We’ve added powerful new workflow capabilities, enhanced our lifecycle policies, added audit reporting and now offer a rich extensibility model for integration to third-party systems.

Unlike traditional Identity Governance and Administration systems, which can be overly complex and expensive, Okta Lifecycle Management offers a simple UX, encodes best practices and requires simple configuration to get up and running. It is integrated with our Universal Directory and Mobility Management products and benefits from provisioning integrations that deepen our ability to configure accounts, 5,000+ apps, and policies on smartphones, tablets, and laptops. It’s extensible and easily integrates with external third-party workflow systems.

New capabilities in Okta Lifecycle Management include:

• New User Lifecycle Policy: At the core of Okta Lifecycle Management is our new User Lifecycle Policy, which allows administrators to define time or activity events that trigger provisioning events based on user states. For example, a company can set up a contractor for a 30-day project, automatically suspend her and her access to the company’s resources upon project completion, and then renew her access if needed at a later time. The company can then prove to its auditors that the employee has been completely deprovisioned through our enhanced deprovisioning reporting capability.
• New Workflow Capabilities + Rich Audit and Compliance: Our workflow capability is aimed at improving flexibility of the end-to-end app approval workflow process. Users can now add groups to the approval chain, include notes as approval is processed, and access approvals from a simple web-based approval inbox. And finally, we’re adding the ability to detect drift in user attributes as part of the Access Discovery Report. By comparing Okta’s system of record to what an application is reporting, any “out-of-sync” attribute, like access level, can be tracked and captured in the report.
• Integration with IT Service Managers (ITSM) and Workflow Providers: Our new external provisioning workflow will integrate with a ticketing system or email to handle the business process of provisioning both cloud and on-premises applications that don’t yet integrate with Okta. For example, a sales application can leverage the Access Request Workflow to allow new users to ask for access, and if approved, a ticket with all the necessary information to provision the application will be generated. IT will then provision the application and close the ticket. Okta is able to recognise once the ticket is closed and creates the application icon on the user’s SSO page.
• Device Lifecycle Capabilities: When combined with Okta Mobility Management, Okta can now manage the complete user and device lifecycle across desktops, laptops and mobile devices. Automated distribution of email, VPN and Wi-Fi profiles, pre-configuration of native mobile app SSO, certificate distribution to establish device trust, and deprovisioning of the device can all be driven by lifecycle policy to provide a single, integrated approach to managing people and their devices.
• New Lifecycle-Aware Additions to Universal Directory: User and resource objects stored in Universal Directory now have an expanded set of prescriptive lifecycle states that govern access to resources over time. You can now temporarily Suspend and Deactivate users, delete users to complete off boarding and recycle usernames. Resources like applications account also get Approved and Revoked states to make it easier to manage the full lifecycle of a resource from request to deprovisioning. While these lifecycles are easily managed by out of the box policies and workflows, APIs make it easy to extend Okta Lifecycle Management with custom logic and workflows.