The Production Line: Automations


Production Line

For our second edition of The Production Line, we’re going back to the future with Automations. Introduced in February of 2019, this Early Availability (EA) feature is currently the most popular EA selection since we added self-enablement options for super admins, so let’s dig in!

What are Automations?

The Automations feature impacts three areas that make the lives of admins and IT teams easier: security issues, audit and compliance requirements, and IT productivity. How does it work? It’s a rules-based framework that automates (often manual) lifecycle tasks, and is composed of two parts: conditions and actions. You define the condition, as well as the elements that trigger the action Okta performs.

A common problem Automations can solve is ending the lifecycle of a contractor’s account. Unlike employee accounts, which IT generally has more control of, and visibility into, contractor accounts are often handled in a more haphazard way. IT frequently creates accounts for contractors but rarely has a consistent flow to deactivate them. The result? The account can remain even after the contractor finishes, posing both a security threat and a compliance issue.

Automations can solve this! Let’s say all contractors should be suspended on Dec 31, 2019. The condition checks for a group membership (e.g., is the user in the “Contractors” group?) and the date (e.g., is today Dec 31, 2019?). If the conditions are met, an Automation can automatically execute an action that suspends those users.

Why did we build it?

We talked to quite a few customers, and learned that they were spending far too much time on manual lifecycle tasks. Some were spending upwards of 50% of their daily work on manual user accounts tasks alone. These productivity losses had the added effect of compromising security and compliance requirements. Examples include clearing lists of stale users, manually suspending users, or dealing with users whose passwords had expired.

How were they solving these problems? Manually suspending users, using resources to write individual PowerShell scripts, and creating ad hoc, inactivity-based suspension tools with Okta APIs. All of these options worked, but what was needed was a tool that could save admins time, and could also be reused for similar, routine use cases.

When the beta for this feature was launched in July of 2018, we didn’t have to go far to find willing participants. Mick Johnson, a member of the Okta on Okta team and author of our Dogfooding Chronicles series, saw an immediate benefit to our compliance efforts. “It really helped us in our efforts to comply with FedRAMP compliance.”

According to FedRAMP requirements, any user that has not signed into Okta for 90 days or more must be suspended. Previously, in order to comply with this requirement, Mick’s team ran a daily script and used ServiceNow to audit and report the jobs.

According to Mick, Automations changed the game. “Automations has totally simplified the entire auditing process and reduced auditing costs. Plus, I love how it allows our organization to use Okta as a single pane of glass when it comes to managing our user’s lifecycle policies.”

What has been the customer reaction to the feature?

Now in EA, Okta customers love the ease of use for Automations—as well as the manual tasks it removes from their day. Here are a few of the comments we’ve captured:

– “I love the simplicity of setup and the benefit of its actions.”

– “It's automated—schedule it and forget it. And I like that there's actually a system log event for audit purposes.”

– “I like being able to automate tasks I currently use Powershell for. It allows total LCM from one place rather than having to use scripts and such.”

– “Love that it takes away the clean-up duty.”

But we’re just getting started…

Customers are seeing great results, but there’s more to be done. Currently, conditions and actions are only triggered by user inactivity or password expiration. The future of Automations is a more flexible, customizable framework to configure more complex conditions and an even larger suite of actions across the entire Okta product suite.

Can I access this feature today?

Yes! This feature is available for self-service enablement; learn how on our Manage Early Access page. If your company has an LCM subscription, you’ll find Automations within the list. Get instructions for implementation right here: Automations.

Upcoming posts will highlight new features, describe the best ways to access them, and most importantly, show how you can make Okta work smarter for you. Check out our Okta Product Roadmap to get a full view of our current beta, EA and GA features.

Missed our inaugural post? Read it here: Meet Our New Product Series: The Production Line.