Being able to import identities from HR systems and manage them in Okta’s Universal Directory is the basis for all of the downstream Identity actions every customer takes with the Workforce Identity Cloud. It allows customers to develop security policies to authenticate into applications, manage user lifecycles with easy provisioning and deprovisioning actions, and carry out governance capabilities for maintaining security posture as an organisation.
Okta already supports importing identities with out-of-the-box connectors for a set of popular HR applications (Workday, SuccessFactors, BambooHR, Namely, and Ultipro) and Active Directory. However, we want any organisation to have the freedom to directly connect any Identity source to Okta in order to drive access management, user lifecycle management, and governance use cases. Today, we are excited to announce the General Availability of our Anything-as-a-Source (XaaS) APIs, a new Lifecycle Management (LCM) feature that will allow you to import identities from any Identity source of truth.
Sync quickly and easily from any source of truth
Before XaaS, Okta LCM customers that used a non-integrated HR system had to implement manual processes through IT tickets and emails or create custom code to drive user lifecycle management; also known as Joiner, Mover, and Leaver flows. Since Okta had no line of sight for identity changes in HR systems to which Okta did not connect to, Okta could not be used to drive user lifecycle changes in downstream applications.
With XaaS, Okta can now receive identity updates directly from any HR system to drive lifecycle flows in Okta and automate actions in downstream applications. Now, for example, if an employee moves to a new department and the change is reflected in ADP or any other HR system,, they can get automatically provisioned to Google Workspace through Okta without the need of additional tickets. In addition, our APIs will provide increased choice and customisation for lifecycle event changes, filtering, user attributes, users updates, and more.
To integrate with XaaS, customers simply need to connect to the XaaS APIs. There are a variety of ways to do this, but the most common method is to use a Workflows-powered connector. Okta already has a connector available for Personio, while Greenhouse and more are on the way.
Regardless of how you implement XaaS, our APIs provide customers with the full automation capabilities of Okta’s Lifecycle Management product, such as user matching, automated user activation, and profile and attribute sourcing. There is no need for custom scripts to replicate our LCM automation when importing users with XaaS, so you can get started faster and have full confidence in the functionality.
Customers are already seeing the benefits of being able to connect to their chosen source of truth and being able to do it with fewer resources. The University of Notre Dame has seen success in their deployment of XaaS to source identities from Ellucian's Banner SIS.
We're now using XaaS as our main import interface to Okta. We've retired the original SCIM connector that was written during our initial migration to Okta in 2019.
XaaS has been working very well without issues for the last two weeks. Using XaaS, our import times have been cut down from over 4 hours to under 10 minutes. The cutover was smooth and simple. Having the flexibility and control to manage our import using the XaaS API has made a significant positive impact for IAM.
-Derek D Owens, Identity architect, University of Notre Dame
Get started with XaaS
XaaS is available now to all Lifecycle Management customers in the admin portal. To get started, review our step-by-step feature documentation or API documentation. If you are interested in learning more about XaaS, please reach out to Sales or your account manager.