We're Hiring

Corporate Account Executive (BENELUX)
Sr. Customer Success Manager
Sr. Technical Consultant, Professional Services
Sr. Manager, Partner Marketing (EMEA)
Senior Accountant
Developer Evangelist
Director of Product Management for Reporting and Big Data Applications
Director/Sr Manager of Product Management, Microsoft Technology and Integrations
Lead UX Researcher
Senior Product Manager, Enterprise Mobility
Senior Product Manager, User Experience and Growth
Technical Marketing Manager
UX Designer
Sr. Customer Success Manager
Sr. Technical Instructor
Director, Sales Strategy & GTM Operations
Sales Operations Analyst
Sales Operations Manager
Sr. Data Analyst
Sr. Data Analyst (Marketing)
Sr. Data Engineer
Cloud Enterprise Architect
Integrations Services Manager
Sr. Technical Consultant
QA Manager
Quality Engineer - Mobile (Sr./Staff/Principal)
Quality Engineer - Mobile (Sr./Staff/Principal)
Site Reliability Engineer (Sr./Staffing/Principal)
Software Architect
Software Engineer - Core Technology (Sr./Staff/Principal)
Software Engineer - Directories Platform
Software Engineer - Federations Platform
Software Engineer – Mobility Management (Principal/Architect)
Software Engineer - O365 Identity Management (Sr./Staff/Principal)
Software Engineer - O365 Identity Management (Sr./Staff/Principal)
Software Engineer - O365 Identity Management (Sr./Staff/Principal)
Software Engineer - Office 365 Okta Cloud Connect (Sr./Staff/Principal)
Software Engineer - Performance (Sr./Staff/Principal)
Software Engineer - Security (Sr./Staff/Principal)
Software Engineer - Security (Sr./Staff/Principal)
Software Engineer - UI Mobility Management
Software Engineer - UI/Data Visualization (Sr./Staff/Prin.)
Software Engineer - Universal Directory (Sr./Staff/Principal) SF/Seattle/Austin/Toronto
Software Engineer in Test - O365 Identity Management
Information Security Engineer/Sr Information Security Engineer
Sr. Penetration Testing Engineer
IT Support Engineer
Principal/Sr. Systems Architect
Commercial Contracts Attorney
Sr. Manager, Field Marketing
Corporate Account Executive
Enterprise - Regional Sales Manager (Denver)
Field Account Executive - Rocky Mountains/Desert
Sales Development Representative
Sales Engineer
Sr. Sales Engineer
Technical Support Engineer
Director, Business Development - ISV Partner Ecosystem

Manage Across People, Groups, and Apps


More Resources


Three Ways to Integrate Active Directory with Your SaaS Applications



Forrester: Navigate the Future of Identity and Access Management


Okta provides comprehensive user management offering capability that spans mass user import and provisioning, deprovisioning, and user data and password synchronization.

Centralized Control of People and Groups

Centralized Control of People and Groups

Centralized Control of People and Groups

Built from the ground up as a native cloud service, Okta is architected to be an independent user store. The People tab in Okta gives you one view of your users and groups, and is easy to search and sort. You can quickly drill in to individual users and get detailed user, group, and application assignment information and quickly take administrative action.

Centralized Control of People and Groups

Centralized Control of People and Groups

Native Okta groups can be used to assign applications and take other actions across a set of people. Groups can also be mapped to, and synchronized with group definitions in other applications or Directories such as Active Directory or Google Apps.

Automated & Centralized User Management

Automated & Centralized User Management

Automated User Import

Okta can automatically import users from a variety of directories and applications in order to jumpstart your deployment. Because Okta also serves as an independent user store, you can very easily map a user’s profile in Okta to multiple different identities that person has in a variety of downstream SaaS applications. In fact Okta applies automated matching algorithms to all user imports to do that matching for you. And for apps that don’t have the APIs to support user import, Okta will work with a CSV formatted user list and apply all of the same matching intelligence to those users.

Automated Deprovisioning

User deactivation is typically triggered from a corporate identity store such as Active Directory. When a user is deactivated from AD, users are automatically deactivated within Okta and a deprovisioning workflow is kicked off to de-provision the user from downstream applications.

The workflow generates a notification to administrators and guides IT to complete any necessary manual identity management tasks associated with a particular user or application.

Identity management deprovisioning task list

Identity management deprovisioning task list

Deprovisioning Task List

As part of the deprovisoning process, some accounts need to be manually removed from the application directly. Certain accounts might be shared or used as a personal level. Okta creates a deprovisioning task list as part of the workflow that covers all outstanding users and accounts and ensures that all actions are clearly recorded.

Identity management audit trail and report

Identity management audit trail and report

Deprovisioning Audit Trail and Reporting

One of the biggest concerns related to deprovisioning is having the ability ensure and record that all administrative actions were taken and that users no longer have access to critical business systems. Within Okta, the entire audit trail is captured for reporting and audit purpose so that you can easily generate historical deprovisioning reports over time by user or by application.

Rules Driven Provisioning

Rules Driven Provisioning

Rules Driven Provisioning

Okta supports a flexible set of provisioning options across your cloud applications. From the Applications homepage with one click you can easily select a set of users and one or more applications and okta will automatically provision the necessary accounts and deploy access to those applications to the targeted users.

Provisioning rules for specific applications can be tied to group membership so that application assignments happen automatically when users are added to a group. Those Okta groups can also be mastered by groups in other systems like security groups in Active Directory so that adding a user to Active Directory with a membership in a “sales” security group can drive the downstream provisioning of a Salesforce.com account for a user via Okta automatically.

Similar to the deprovisioning workflow Okta also provides a provisioning workflow to manage the end to end process of on boarding a user and their application assignments, whether the underlying applications support automated provisioning or not.

Customize Behaviors with Rules and Processes

Easily automate and customize behaviors. Okta includes a rule engine that has an intuitive user interface that is a distinctively Okta. With a “point-and-click” wizard-based approach, configure rules that import new users, assign apps to people, set user properties in apps and deactivate users.

Stack up multiple rules to form processes, which can be triggered based on a variety of events.

As always, Okta is focused on delivering robust functionality built to be enterprise-grade with a user interface that is as easy to use as the best consumer applications.

Bi-Directional User Management Integrations

Okta enables applications that are integrated for user management in the Okta Application Network to handle bi-directional profile updates. Custom user attributes created in an application sometimes may need to be pushed to other applications or back down to Active Directory. Okta easily allows IT admins to keep those application-created attributes in sync.

For example, enterprise voice systems such as Microsoft Lync and Cisco Unified Communications often generate a SIP address. This address may need to be kept in sync between cloud-based and on-premises systems. Okta can import this attribute from the application, and write it to Active Directory or other applications.

Provisioning and Deprovisioning for On-Premises Applications

Okta's On-Premises Provisioning Agent extends Okta's ability to provision and deprovision users to any on-premises application or database using a standard SCIM-based interface. Enterprises can ensure access is granted to employees when they need it and automatically removed when necessary. The agent leverages the same secure, reliable architecture underlying Okta's existing directory integration agent that reads and writes to core directories such as Active Directory and LDAP and provides a more general-purpose way of interacting with on-premises systems beyond those two core directories.

Seamless Active Directory Integration

Through Okta’s deep Active Directory Integration you can automate Okta user creation and the provisioning and deprovisioning of accounts in your cloud applications.

Just in Time (JIT) Provisioning

With JIT provisioning enabled an Okta user account is automatically created the first time a user (who is a valid user in AD) attempts to log into Okta. This streamlines provisioning even further, adding Okta users with minimal work needed from IT.

Pre-Integrated Applications

Okta supports the broadest and deepest set of user management integrations across the cloud apps within the Okta Application Network. You don’t have to worry about how your vendor supports these features or do any integration work yourself, just select the app, configure your options, and deploy.


November 2 - 4, Las Vegas

Industry leading identity and mobility conference designed to showcase best practices for cloud and mobile adoption.

Save $200

Early Bird Price Expires August 31

Register Now