Challenge: Modern collaboration creates identity complexity
In today's connected enterprise, your partners, vendors, and contractors are critical to your success. But providing them with the right level of access can create significant security and operational challenges. How do you grant access to the applications they need without creating security gaps, overwhelming IT with manual tasks, or managing multiple, siloed identity systems?
This complexity is a prime target for attackers who exploit overprivileged or improperly managed external accounts. The old way of managing identities is no longer enough; you need a security-centric approach.
Okta Realms: Your foundation for secure collaboration
A key part of building a modern, secure identity architecture (what we call an identity security fabric) is creating strong boundaries between user populations. For external users, Okta Realms is one of those foundational features.
Realms enables you to partition partners and other external populations into secure, mutually exclusive, segmented teams within your single Okta organization. This allows you to:
- Strengthen your security posture by isolating each external population in its own realm and applying authentication policies scoped to that realm, so a weaker policy for one partner cannot leak to another.
- Delegate administration to the partners or business units themselves, improving operational efficiency and reducing the load on central IT.
- Streamline governance and compliance by scoping access certification campaigns to specific realms, making reviews faster and more efficient. Gain insight into user distribution for enhanced observability.
But what if the business logic and data that should determine a partner’s access level don’t live in Okta?
Extending identity with no-code automation
Many organizations need to assign access based on data from external systems like a CRM, ERP, or proprietary database. For instance, a partner's tier in a sales application might dictate which resources they can access.
This is where the Okta Platform shows its extensibility. Instead of writing brittle custom code hosted outside Okta, you can use Okta Workflows, our no-code platform for secure identity orchestration. Workflows automate complex identity processes, acting as the connective tissue in your identity security fabric.
Solution: Dynamically assigning realms with Workflows
Using Workflows, you can build an automated process that listens for user creation and update events in Okta, queries an external system for the deciding attribute (such as a partner tier), and assigns the user to the matching realm. A helper flow is triggered when a user is created or updated, and then:
- The flow queries your external system via API to retrieve the relevant attribute (e.g., "Gold Tier").
- A mapping table in Workflows translates this business data into the corresponding realm name.
- The flow updates the user, assigning them to that realm in Universal Directory.
Here’s a look at how this logic is built in Workflows. The flow chart of a basic implementation is shown below:

Consider an example where the partner's "tier" is stored in an external application and the target realms are as shown below. Let's say we have realms named "Gold," "Silver," and "Bronze" for our partners, and the external system returns values such as "Gold Tier".
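The three-step flow above, written out in code so the decision logic can be tested outside Workflows. This is an added example, not Okta's code or a Workflows export: the event-hook payload, the event type names, the realm IDs, the CRM tier lookup and the `realmId` field on the update-user call are all assumptions or constructed data. It adds two checks the bullets above do not spell out: an unknown tier leaves the user where they are and flags them instead of guessing a realm, and a user already in the right realm produces no update, so a flow triggered on "user updated" cannot re-trigger itself.

```python
"""Realm assignment logic, mirroring the Workflows helper flow.

Assumptions (not from the original page): the Okta event-hook payload
shape, the event type names, all IDs, the tier lookup and the `realmId`
field on the user object are constructed for this example.
"""
from typing import Callable, Optional

# Realm name -> realm ID. The IDs are constructed placeholders.
REALMS = {
    "Gold": "guo1gold000000000001",
    "Silver": "guo1silver0000000001",
    "Bronze": "guo1bronze0000000001",
}
DEFAULT_REALM_ID = "guo1default000000001"  # constructed: the org's default realm

# Mapping table: external business tier -> realm name (normalised on lookup).
TIER_TO_REALM = {"gold tier": "Gold", "silver tier": "Silver", "bronze tier": "Bronze"}

# Event types the helper reacts to (assumed names for "user created/updated").
HANDLED_EVENTS = {"user.lifecycle.create", "user.account.update_profile"}


def realm_for_tier(tier: Optional[str]) -> Optional[str]:
    """Translate a tier string into a realm ID, or None if it is unknown.

    Unknown or missing tiers deliberately return None: the user stays in the
    default realm and is flagged, rather than being placed by a guess.
    """
    if not tier:
        return None
    name = TIER_TO_REALM.get(tier.strip().lower())
    return REALMS.get(name) if name else None


def plan_assignment(event: dict, lookup_tier: Callable[[str], Optional[str]],
                    current_realm_id: Callable[[str], str]) -> list[dict]:
    """Return the realm changes implied by one event-hook delivery.

    Users already in the right realm produce no item, which keeps the flow
    idempotent and stops an update made by the flow from re-triggering it.
    """
    plans = []
    for ev in event.get("data", {}).get("events", []):
        if ev.get("eventType") not in HANDLED_EVENTS:
            continue
        for user in (t for t in ev.get("target", []) if t.get("type") == "User"):
            uid = user["id"]
            realm_id = realm_for_tier(lookup_tier(user.get("alternateId", "")))
            if realm_id is None:
                plans.append({"user_id": uid, "realm_id": None, "reason": "unknown tier"})
                continue
            if current_realm_id(uid) == realm_id:
                continue  # already correct: no write, no loop
            plans.append({"user_id": uid, "realm_id": realm_id, "reason": "tier mapped"})
    return plans


def to_okta_request(plan: dict) -> Optional[dict]:
    """Render a plan item as the update-user call that sets the realm.

    Assumption: realm membership is set through the user's `realmId` field on
    POST /api/v1/users/{id}; confirm against the Realms documentation.
    """
    if plan["realm_id"] is None:
        return None  # flagged for review, nothing is written
    return {"method": "POST", "path": f"/api/v1/users/{plan['user_id']}",
            "json": {"realmId": plan["realm_id"]}}


# --- constructed sample data -------------------------------------------------
SAMPLE_EVENT = {  # trimmed event-hook delivery, constructed for this example
    "eventType": "com.okta.event_hook",
    "data": {"events": [
        {"eventType": "user.lifecycle.create",
         "target": [{"type": "User", "id": "00uAAAA", "alternateId": "alice@partner-a.example"}]},
        {"eventType": "user.account.update_profile",
         "target": [{"type": "User", "id": "00uBBBB", "alternateId": "bob@partner-b.example"}]},
        {"eventType": "user.lifecycle.create",
         "target": [{"type": "User", "id": "00uCCCC", "alternateId": "carol@partner-c.example"}]},
        {"eventType": "user.session.start",  # ignored: not a create/update
         "target": [{"type": "User", "id": "00uDDDD", "alternateId": "dave@partner-d.example"}]},
    ]},
}
CRM_TIERS = {"alice@partner-a.example": "Gold Tier",       # mixed case from the CRM
             "bob@partner-b.example": "silver tier",
             "carol@partner-c.example": "Platinum Tier"}   # not in the mapping table
CURRENT_REALMS = {"00uAAAA": DEFAULT_REALM_ID, "00uBBBB": REALMS["Silver"],
                  "00uCCCC": DEFAULT_REALM_ID}


def demo() -> list[dict]:
    """Run the sample event through the planner (Alice moves, Bob is skipped, Carol is flagged)."""
    return plan_assignment(SAMPLE_EVENT, CRM_TIERS.get,
                           lambda uid: CURRENT_REALMS.get(uid, DEFAULT_REALM_ID))


if __name__ == "__main__":
    for p in demo():
        print(p, "->", to_okta_request(p))
```

In Workflows the equivalent of `current_realm_id` is a Read User card before the realm update and an If/Else that skips the write when the realm already matches; the equivalent of the `None` branch is a branch that raises an alert rather than calling the realm card.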

A key design consideration with this approach is that no realm assignment policies should be defined, so that Workflows is the only mechanism assigning users to realms. If no realm assignment policies exist and an administrator triggers "Run all Realm Assignments", every user is placed in the default realm, overwriting the assignments the flow made.
Building a more secure and automated enterprise
Realms are crucial for establishing secure boundaries for your partner organizations. Combined with Okta Workflows, they become part of a dynamic, automated identity security fabric that extends across your technology stack. You can now tie realm assignment, and the access decisions that follow from it, to any business segmentation of your populations, improving both your security posture and your operational agility.
References
- Product Hub page Secure Partner Access
- Okta Realms documentation
- Okta Realms Workflows Connector
- Okta Workflows system limits