Efficient, Automated,
Cost Effective

Workday-Driven IT Provisioning

Datasheet

Workday Driven IT Provisioning

Download

For enterprises using Workday for Human Capital Management (HCM), Workday is often their authoritative source of user data and thus identity management. All stages of an employee or contract worker's status - including pre-hire interview process, start-date, transfers and terminations - are all managed and initiated within Workday. However In many cases IT must synchronize Workday user records with AD and various applications manually when a user is on-boarded and as they change roles over time and in some cases, end users themselves are involved in updating their own user profile information in Workday. When a user is terminated, the Workday account might be disabled while the AD account and other application access is still active - creating real security risk.

Traditionally, integrating HCM with a legacy identity management system to close this gap was a massive project costing millions of dollars, spanning many months of implementation and resulted in a brittle solution that was expensive to maintain over time. Okta and Workday are changing that, bringing Identity Management and Human Capital Management together with a pre-integrated offering that is easy to deploy, effective and cost efficient.

Workday-Driven Identity Lifecycle Management with Okta Identity Management

Okta automates user management into all leading cloud and web applications, and this process typically starts from a corporate directory like Active Directory. Now, with Workday-driven identity lifecycle management those provisioning and deprovisioning processes can be driven automatically from Workday via Okta identity management. And unlike integrations between HCM and Identity Management systems in this past, this integration is productized, robust, and cost effective to implement and maintain over time.

Benefits include:

  • Automated provisioning & deprovisioning between Workday and cloud applications
  • Automated Active Directory account creation and deactivation, driven by changes in Workday
  • Workday Provisioning Group and AD Security Group mapping
  • Scheduled synchronization (Hourly, daily or on-demand)
  • Centralized reporting and audit of access across all systems

Developed Jointly with Workday

Okta and Workday have a strong, comprehensive partnership that spans executive management, R&D, sales, and services. More than simply writing to a Workday API, Okta and Workday jointly developed this identity life cycle management functionality, introducing new features such as Workday Provisioning Groups in Workday and an enhanced provisioning workflow in Okta.

Identity management Workday installation

Identity management Workday installation

Easy to Install and Configure

Okta's philosophy on directory and application integration is to deliver pre-built, turnkey solutions. The Workday integration is no different: through Okta, the Workday-driven provisioning configuration can be finished in minutes and the entire end to end solution can be rolled out as a part of a fixed price services offering. No custom software development or ongoing maintenance of custom code required.

Workday-Driven Active Directory Provisioning

Okta identity management maps and synchronizes Workday employee attributes to Active Directory user attributes. Okta also manages the entire provisioning workflow – including scheduled imports from Workday, AD account creation, temporary password generation and new user notification. On day one, a new user can log into her Windows domain using her temporary password and can immediately access applications using her AD credentials. Security and simplicity.

Identity management before Okta

Identity management before Okta

Identity management Workday and Okta

Identity management Workday and Okta

 

Automated Group-based User Management

With Okta identity management, AD Security Group memberships can be created according to Workday Provisioning Groups. Okta can also automate application provisioning, with appropriate authorization levels, based on the Provisioning Group information. If a user is terminated in Workday, or if their group membership changes, Okta pushes the change downstream to automatically deactivate AD accounts, deprovision applications and/or change authorization levels No more manual processes.

Identity management automated groups

Identity management automated groups

Identity management automation with Okta

Identity management automation with Okta

 

Comprehensive Identity and Access Management for Workday

In addition to identity life cycle management, Okta also offers a full suite of identity management features for Workday, including single sign-on, multi-factor authentication and centralized administration and reporting to provide secure access to Workday from any device at any time.