Lifecycle Management
Automate all lifecycles with any business process for external and internal users.
30 min
saved on every application provisioning request
30 min
saved on determining and configuring groups and entitlements
$20
per user saved in preparing for audits each year

Pre-Integrated Provisioning
Rich integrations for mastering and provisioning that support coarse-grain to fine-grain management
Integrated to Applications & Directories
Over 120 pre-integrated applications for provisioning and deprovisioning

- Hands off real-time user provisioning triggered by your preferred HR system or application, including Workday, UltiPro, BambooHR, SuccessFactors, G Suite and Netsuite
- Integration to Active Directory or LDAP including extended rich profiles, group push, and license and role assignment all in a single pane of glass
Deep Integration
Go beyond syncing users - sync groups, contacts and devices.

Automatically detect different users attributes in different applications, along with application entitlements.
Match directory groups with application groups, assign and revoke licenses, and create a custom offboarding process.
Extensible

-
Extend the power of provisioning to your custom applications using SCIM. Check out our SCIM Developer Program ›
- Use the Okta API to make any application the profile master
- Get automated provisioning for any application using the cloud or on-prem provisioning SDK
Universal Directory
Directory and meta-directory, designed for integration to any app or directory, with lifecycle awareness and extensibility
Customizable Directory for Users Groups and Devices
Extensible user profile, group profile, device profile. The Meta-Directory features smart group rules to automatically group users based on attributes.


Lifecycle States
Easily see and change users through different lifecycle states.
Multi-source Integration

- OIDC and SAML Inbound JIT
- Mastering users and groups from on-prem directories (AD/LDAP)
- Master different attributes from different sources, like first/last name from HR and email from Exchange
Meta-directory with Attribute Mapping and Transformation

-
Create a single source of truth by mastering attributes in the Okta profile from any authoritative source
- Customizable attribute mappings with transformation via Okta Expression Language
- Identity and profile sync
*Universal Directory is a separate product, and is a required purchase for customers buying Lifecycle Management
Prescriptive Lifecycle Orchestration
Sophisticated control of identities across lifecycle states with automation through rules, policies, workflows, and APIs for full customization
Lifecycle Engine

- App access and provisioning tied to lifecycle states
- Create and deactivate accounts in applications
- Manage entitlements
- Group discovery, matching, push, and updates
Automations to control user lifecycles and notify users
Automate lifecycle-related tasks with a conditions & actions structure.
|
Example: If user is in contractors group, suspend account on Day X |
|
|
|
Example: If user is in contractors group and is inactive for x days, suspend account Example: If user’s password expires in 7 days, send an email Example: If user’s custom attribute x == “inactive”, deactivate user |
Import inline hooks
Customize Okta’s default import process by calling out to custom logic (e.g. code running in AWS Lambda) during an import.
- Create unique usernames based off your organization’s policy
- Match users based off your own rules
- Enrich user profiles by retrieving attributes from other sources
ITSM, Workflow and Governance Integration
- Integration to ITSM and Ticketing (via API)
- Integration to workflow and orchestration (via API)
Simple Access Governance
Identity governance with a focus on access and ease of use that provides account and entitlement reporting with comprehensive data
Access Audit Report
Find who has access to what.
- Find all users who have access to an application including advanced app attributes
- Find all the applications a certain user has access to

Recent Unassignments Report
Find all users who were unassigned an app, when they were unassigned, and their current assignment status.

Rogue Accounts Report

- Detect Orphan accounts for any app
- Automated detection for provisioning enabled applications
- CSV import option for any application managed in Okta – cloud or on-prem
3rd Party Identity Governance Integration
Governance API that publishes application account and entitlement data collected through discovery, and diff data vs. Okta system of record.
Lifecycle Management
$4 per month, per user
All products are priced per user per month, and billed annually.
*Lifecycle Management requires purchase of Universal Directory. Listed price is for typical use cases.
$1,500 per year contract minimum.
Customer Journey
Okta makes the Day One experience delightful for Medallia new hires

>900%
ROI