Lifecycle Management: Getting Started Guide

As an Okta Lifecycle Management (LCM) customer, you’ve already taken the first step toward increasing productivity and eliminating the manual provisioning process. 

The following outlines each step of implementation to successfully onboard Lifecycle Management.

Step 1

To get started, add users and apps for them to use:

  1. Integrate your existing Active Directory (AD) 
    • Download and install the Okta AD agent to ensure you have the most current features and functionality. To view additional details on AD integration, see here.
    • Configure your import and account settings to control how and when user data is brought in or configure JIT (optional).
    • Set up delegated authentication (del auth), which allows end users to authenticate against Okta with their AD credentials, eliminating the need to keep track of yet another set of credentials (optional but recommended).

Don’t use AD? See our LDAP instructions below:

  1. Integrate your existing Lightweight Directory Access Protocol (LDAP) server 
  2. Identify and configure data to assign access

Step 2

It is time to set your organization up for success with materials to help manage your apps and users.

  • To manage lifecycle processes, take stock of all the apps used across your organization—as well as which departments manage and provision those apps—and identify which have the highest task loads and highest risk factors. For example, consider automating provisioning for a popular app like Office 365, Salesforce, or AWS.
     
  • To manage access grants, map apps to their owners—whether it’s IT or line-of-business (LOB)—and identify a system for granting coarse-grained access along with roles and admin privileges. This way, you can see which apps, control roles, and groups are unused and clean them up.
     
  • To manage audits and compliance, you need to understand the regulations that apply to your business and apps, as well as the types of data stored. Since compliance is time-consuming and prone to human error, this is an excellent opportunity to modernize processes.

Step 3

You've successfully taken steps to sync identity silos into a single view and made sure changes in these directories are regularly imported by Okta. 

The next steps are creating a single source of truth and automating provisioning for your apps:

Step 4

Now that you’ve started embedding automation into your provisioning and deprovisioning flows, it’s time to build out your audit and compliance processes.

  • First, set up with AD/LDAP: Starting in your AD or LDAP environment, set up business roles and group rules, using a clear naming convention—it can be helpful to track this in a spreadsheet.
  • Then set up groups in Okta: use groups to assign coarse-grained access to your IT-owned company-wide apps and fine-grained access to specific entitlements within the app.
  • Keep your records organized: Having clearly labeled, up-to-date records of all these permissions and roles can help prepare your org for accurate reporting, including during audits. Explore your Okta org to determine the relevant auditing processes available to you.