Interested in how Okta works with cloud app vendors to enable the latest in advanced user provisioning? Or are you curious to get an insider’s take on our new provisioning developer program?
We recently chatted with Rob Christiansen, director of product management at Lucid Software, to understand why Lucid chose to work with Okta to enable user provisioning for their app via the SCIM user management standard.
Before we jump into provisioning, we want to hear a little bit about Lucid Software, Lucidchart and Lucidpress.
Co-founded by a former Google executive, Lucid Software helps companies and individuals solve complicated problems through our cloud-based visualization apps. Lucidchart, a diagramming application, and Lucidpress, a design solution, are utilized by over six million users, including those from Comcast, Dropbox, NASA, Netflix and Xerox, making them two of the most popular productivity apps on the web. Since our founding in 2010, Lucid Software has grown in revenue by over 100 percent each year and has received numerous awards for its business and workplace culture.
Congrats! Now tell us about why you wanted to add provisioning to your applications.
Lucidchart offers free, view-only licenses to enterprise along with paid licenses for creating and editing diagrams. By integrating with Okta, Lucidchart can automatically synchronize user status without requiring IT administrators to log into our user management tool. When a user leaves an enterprise, Okta can inform us via our SCIM endpoints, and that particular user’s documents and license can be safely transferred to a holding area for reallocation.
How does provisioning differentiate you in the market?
Adding user provisioning gives Lucidchart enterprise customers the ability to centrally manage users and licenses with a single tool. It’s unreasonable to expect administrators to log into each cloud application, including Lucidchart, to create, edit, license, suspend, and delete users. Now, with Okta, administrators can do all of that in one place.
None of our competitors offer similar enterprise-class tools for managing users, security, and intellectual property. Offering provisioning is a natural way for us to differentiate ourselves in the market, while (more importantly) making the job of IT administrators easier.
So, why choose SCIM as your standard?
We currently have the ability to auto-provision and deprovision users from Google Apps for Work accounts. We love that feature, but it left a gap in our offerings for our SAML-based customers. SAML works well for just-in-time provisioning, but it doesn’t provide a solution for early provisioning and particularly deprovisioning. SCIM does, and we’re confident it will become the standard of choice for provisioning.
Tell us about your experience with Okta’s SCIM provisioning developer program.
We registered for Okta’s SCIM developer program and heard back just over a week later that we had been accepted. The experience was a positive one, particularly because Okta provided detailed documentation. The SCIM documentation is notoriously vague in some regards; however, Okta provides some helpful details about the nuances of their specific documentation.
How exactly did Okta’s documentation clear things up?
The SCIM specification is built upon other standards such as OAuth 2.0. Lucidchart has long implemented three-legged OAuth flows, but the concept of bearer tokens was new to us. The more we studied the use of bearer tokens, the more confused we became. If you Google "oauth bearer token," the second result that comes up is a post titled, "OAuth Bearer Tokens are a Terrible Idea." The documentation from Okta helped us better understand that bearer tokens are generated uniquely for each Okta client and therefore have a shared secret aspect that, when combined with TLS, made us more comfortable with the implementation.
In addition, Okta's documentation made clear that SCIM 2.0 is the preferred implementation, making our decision to build for SCIM 2.0 much easier. Okta is also clear about the SCIM 2.0 features that are not yet supported such as groups, allowing us to be more selective in the elements we knew we had to build out.
What are some of the other benefits of working with Okta?
Working with Okta gives us additional reach into enterprise IT. Okta customers are already cloud-friendly and eager to help their employees make the most of cloud-based applications like ours. Ultimately, end users will benefit from our integration because they gain access to tools — like Lucidchart — that their employer has determined will help them perform their jobs more effectively. And now IT administrators can focus on more important responsibilities than manually creating and managing users with a dozen cloud-based applications.
Furthermore, Lucidchart gains visibility within Okta for end users looking to explore and access cloud-based applications like ours that can make their jobs easier to perform.
It’s a win-win.
To see the whole provisioning process in action, check out Lucid’s GIF showing: 1) the creation of a new group in Okta called “Software Engineering,” 2) making Lucidchart a default application for the Software Engineering group, 3) adding two users in Okta to the Software Engineering group and 4) seeing those two users appear as created, licensed accounts within Lucidchart without any additional action by the administrator.
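The provisioning and deprovisioning flow discussed in the interview, sketched as an added example (not Lucid's or Okta's code): a SCIM 2.0 service side that checks a per-client bearer token, creates a licensed user on POST, and on a PATCH setting `active` to false releases the license into a holding area. The endpoint path, tenant names, token values and the `HOLDING` list are assumptions constructed for illustration, and TLS termination is assumed to happen in front of this handler.

```python
import hmac
import json

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Constructed bearer tokens, one per identity-provider client (tenant).
TOKENS = {"acme": "constructed-token-acme", "globex": "constructed-token-globex"}
USERS = {}    # (tenant, userName) -> {"active": bool, "licensed": bool}
HOLDING = []  # deprovisioned accounts whose license and documents await reallocation

def tenant_for(headers):
    """Map 'Authorization: Bearer <token>' to a tenant (constant-time compare), or None."""
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer":
        return None
    for tenant, expected in TOKENS.items():
        if hmac.compare_digest(presented.encode(), expected.encode()):
            return tenant
    return None

def sets_inactive(op):
    """True for a replace op given as path 'active' or as value {'active': false}."""
    value = {"active": op.get("value")} if op.get("path") == "active" else op.get("value")
    return (str(op.get("op", "")).lower() == "replace"
            and isinstance(value, dict) and value.get("active") is False)

def handle(method, path, headers, body=""):
    """Return (HTTP status, response dict) for one SCIM request."""
    tenant = tenant_for(headers)
    if tenant is None:
        return 401, {}
    payload = json.loads(body) if body else {}
    if method == "POST" and path == "/scim/v2/Users":
        key = (tenant, payload["userName"])
        if key in USERS:
            return 409, {}
        USERS[key] = {"active": True, "licensed": True}
        return 201, {"id": payload["userName"], "active": True}
    if method == "PATCH" and path.startswith("/scim/v2/Users/"):
        key = (tenant, path.rsplit("/", 1)[1])  # lookup is scoped to the caller's tenant
        if key not in USERS:
            return 404, {}
        if PATCH_SCHEMA not in payload.get("schemas", []):
            return 400, {}
        if USERS[key]["active"] and any(sets_inactive(op) for op in payload.get("Operations", [])):
            USERS[key] = {"active": False, "licensed": False}
            HOLDING.append(key)
        return 200, {"id": key[1], **USERS[key]}
    return 404, {}
```

Because every lookup is keyed by the tenant derived from the token, a token issued to one client cannot create or deactivate another client's users.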