In this edition of The Production Line, we provide you with a twofer; a mini-series all about HR-driven provisioning. This month and next, we’ll be zeroing in on this key feature of Okta Lifecycle Management (LCM). As you’re probably aware, Okta has a number of pre-built HR integrations—and that’s what we’ll delve into in next month’s post. But to kick things off, we’re going to dig deep into the integration that 60% of our LCM customers who use HR-as-primary are currently using: Workday.
HR-driven provisioning: A quick history
If you’re an admin, you’re well aware of the trials and tribulations of provisioning users. But there are a lot of terms used for these operations: onboarding and offboarding, lifecycle management, deprovisioning, and user provisioning are all commonly used terms for the process of adding or removing employees to an organization.
These processes have always been necessary for medium to large-sized organizations and have almost always been manual. The innovation of linking HR process with IT teams brought on HR-driven provisioning, which naturally came about as IT teams typically get their data (new hires, terminated users, promoted employees, etc.) from HR. This data was communicated to IT in very manual, error-prone ways such as .csv files, emails, scripts, and ticketing systems. The surge in contractors and other temporary workers only escalated the risks of this patchwork approach.
Although HR systems such as PeopleSoft are almost as old as IT systems, they were usually based in an on-premises infrastructure. This software was usually not well integrated with the IT systems in place, which forced the manual, patchwork communication described above.
And then came Workday — why we built this
Once SaaS apps became more widely adopted, these types of apps exposed APIs, allowing connections with other SAAS apps. These developments ushered in an environment where connecting applications became easy and commonplace. Born-in-the-cloud apps like Workday sealed the deal, setting the stage for total automation.
But back in 2012, most organizations were using Microsoft Active Directory (AD) as their source of truth. They used AD as a “primary”, but it didn’t integrate well with their HR systems—especially cloud-based human resource management systems (HRIS). Okta, however, made it easy to adopt best-of-breed applications, and in 2013 we built connectors to HRIS systems that worked well with AD. This combination meant that IT could flow user profiles from their HRIS to AD, and vice versa. From these developments and innovations, Okta’s Workday-as-a-primary (WDaP) was born.
Since those early days, similar products have entered the market, but most lack the simplicity and cohesiveness of the Okta integration with Workday, which includes:
- Granular control over the onboarding and offboarding process without coding.
- Freedom from legacy provisioning technology stacks that required consultants and custom code.
- An independent and vendor-neutral approach, abandoning the proprietary stack by integrating with the leading cloud and on-prem resources.
- The ability to map and transform data (even “dirty” data) from any source of truth—with customizable formatting.
- Group membership rules to use groups and profile attributes to power access management, onboarding, and offboarding.
It's also introduced rich innovation in how users can be on- and off-boarded through an organization:
The benefits of these innovations can be felt, not only within the HR and IT sphere, but throughout an organization, with measurable increases in
- Productivity – Day-1 system access for new employees and contractors, eliminating the traditional back and forth between HR & IT
- Security – Timely and complete deprovisioning in minutes
- Audit/compliance – Easy reporting and proof of a process for auditors
Are you taking full advantage of these innovations with Workday?
What’s been the customer reaction to the feature?
Workday-as-a-primary has been around for awhile now, and users have voiced appreciation for a range of its benefits, from “being able to use attributes in Workday as a primary, yet still have the password be primary for Active Directory”, to simply “easy logic for faster provisioning”.
But the leap from 600 employees, to something like 62,000, requires a complex and robust system that leaves no room for error. Organizations such as MGM, Medallia, 20th Century Fox, and Hendrick Automotive Group rely on WDaaM for their massive workforce of employees, partners and contractors. Click their links to read their unique stories of how this feature changed the game for them.
Not using Workday? We’re not done.
If you have Workday but not using WDaaM yet, learn everything you need to get started right here: Free SSO & Provisioning for Workday.
If you’re not using Workday, but are using or interested in HR-provisioning, we’ve still got you. Next month, part 2 of this mini series will delve into other HR integrations such as UltiPro, SuccessFactors, BambooHR, and Namely—stay tuned for more!
Missed a previous post? For more behind-the-scenes looks at our products, read them all!