As the adoption of cloud and mobile increase, with a power boost from the Okta Application Network, Okta is enabling organizations of all sizes to start saying “yes” to its employees a lot more.
At Okta, we understand that by enabling IT decision makers to say “yes” means that the number of cloud applications an organization uses increases rapidly. Before becoming an Okta customer, companies typically will say they have roughly 5-7 cloud apps currently enabled within their organization. Once Okta becomes a tool at their disposal, within six months as a customer, on average the number jumps up to 10 applications, and 10 percent of Okta customers end up connecting over 40 applications. In the Okta Businesses @ Work report, we found that an average Okta customer utilizes 13 cloud applications.
With this increase in apps, we found that a typical customer could be using twice as many provisioning integrations. Of the applications connected for single sign-on, there are several where Okta had a provisioning connector that the customer had not enabled. Our customers’ success is our top priority, and we strongly believe in a large, ISV-neutral application network.
As we dug deeper, we found that there were two distinct types of applications IT had to manage. First are “birthright” applications that are provisioned to everyone in the company and require a rich synchronization of attributes. Second are business applications which are provisioned based on business unit with nuanced entitlements. Often, the knowledge of how a user should be provisioned sits with an admin in the business – not someone in IT.
As we explored this further, organizations consistently told us that efficient identity lifecycle management is the absolute foundation to proper IT management. VPN access, MFA policy, BYOD policy and application access entitlements all depend on the foundation of determining a user’s lifecycle state, and what that user should have access to based on their attributes and business processes.
Okta has spent years building the most powerful provisioning integrations to cloud apps on the market. What was missing is more of a “provisioning engine” that customers needed to help drive the process around provisioning. This engine needed to enable customers to orchestrate more of the onboarding process, automate how users are assigned to groups, provide flexibility for how business applications are provisioned and provide admins in the business with more provisioning power. Today, Group Membership Rules is GA and we have Beta programs running for App Request Workflow and Diff Reporting. In the legacy IAM world, identity governance and administration (IGA) products were often designed for maximum flexibility – but this led to tons of customization work and complexity. We think there’s a better way and customers told us that they want us to look across the Okta customer base, and build something prescriptive that takes best practices from how efficient IT organizations operate.
We are building Okta Provisioning to do just that - to enable customers to get the most of our provisioning integrations. You can read more about the importance of automating the identity lifecycle in our recently published whitepaper, “The Foundation for Cloud-first, Mobile-first IT.”