Okta is always looking for ways to enhance security and streamline our processes. That's why we've embraced passwordless onboarding for our new hires, leveraging the power of FIDO2 standards and Okta identity verification. This is about more than ditching passwords; it's about building a more secure, efficient, and user-friendly experience from day one.
Our path to passwordless onboarding
This fresh approach simplifies the onboarding process, eliminating the traditional friction caused by password setup and activation links. Here's a look at how it works:
- Automated provisioning: When a new employee profile is created in our HRIS, it's automatically imported into Okta. This creates a staged Okta account and triggers a workflow.
- YubiKey fulfillment: An Okta Group rule assigns the staged account to a group that triggers a YubiKey workflow. This workflow fetches the employee's shipping details from Workday and creates a shipment order with YubiEnterprise. The YubiKey is then shipped directly to the employee's address from Yubico's warehouse.
- Seamless activation: The Okta user account is activated as soon as the YubiKey is shipped. This triggers an activation email, instructing the new hire to use their YubiKey and a PIN to authenticate into their Okta account. This means they can gain immediate access without needing an activation link or a temporary password.
Enhanced security and efficiency
This new process offers significant benefits in security and operational efficiency:
- Stronger security posture: By using FIDO2 standards, we provide a phishing-resistant authentication method right from the start. Enrolling any other phishing-resistant authenticator requires verification with a phishing-resistant authenticator first, creating a robust security chain.
- Operational efficiency: Automated provisioning and hardware delivery reduce the workload on our IT teams. We've also built in asynchronous handling for shipping data, with workflows that automatically re-attempt shipment orders if data is incomplete. For full-time employees, the account is automatically activated once the YubiKey ships and the background check is complete, provided it's less than 28 days from their hire date. Contractors are handled manually during their day-one orientation to ensure a smooth start.
Results: Better user experience
Our passwordless onboarding approach has created a smoother, more secure experience for our new hires and internal teams. New hires can complete their onboarding tasks with ease, and our IT orientation goes much more smoothly since identity proofing is already complete. Our case perfectly illustrates the power of a modern identity solution: streamlining processes while providing a stronger layer of security across our entire ecosystem.