Checklist: Considerations for an HR-Driven IT Provisioning Solution

Onboarding new employees requires collaboration between two teams: HR and IT. Since HR is the first to change an employee’s status (e.g., hire, update, or terminate), they must relay the information to IT, who then creates app accounts, assigns devices, etc. However, HR often communicates with IT in manual ways (e.g., file extracts, phone calls, emails, and even in-person visits!) that don’t always scale. Furthermore, manual processes invariably result in mistakes such as propagating erroneous data or assigning incorrect access—clearly a security risk.

Automating your onboarding and offboarding processes with HR-Driven IT provisioning eliminates the pain of managing user lifecycle processes while reducing your security risks. As you evaluate an HR-Driven IT provisioning solution, take time to consider the following needs.

What Are Table Stakes?

When automating your identity lifecycles by connecting HR and IT, you expect the solution to do several things: create accounts, update them, and deactivate them based off triggers from the HR Information System—these define your table stakes

Key questions to consider:

  • Make employees productive from day one: Can the solution automatically onboard people a few days early to get them fully provisioned by the time they start?
  • Update user data behind the scenes: Can the solution automatically update IT accounts when personal data (such as last name) or professional data (e.g., job title) changes?
  • Decrease security risks when employees leave: Can the solution automatically offboard people when they leave the organization?
  • Import and modify any attribute: Does HR contain “dirty” data that must be transformed or formatted before pushing to IT systems? Can the solution do that without custom code?

Automate your identity lifecycles by connecting HR and IT.

Architecture, Connectivity, and Flexibility

Vendors that connect HR and IT vary greatly across architecture, connectivity, and flexibility, which makes evaluating them very difficult. It’s key to understand how the solution is deployed, whether it supports your HR and IT systems, and whether it addresses all user lifecycles. With this in mind, you can better estimate costs for maintenance, infrastructure, and custom development. Hint: Okta minimizes your costs.

Key questions to consider:

  • Architecture and maintenance: Is the solution a pure SaaS offering or are there on-prem components? If the latter, how is high availability achieved?
  • Integrations with HR: Does the solution have a connector to your HR system? If not, does it provide a way to build one (on-premises or cloud)?
  • Integrations to IT systems: Does the solution offer connectors to your IT apps, including Active Directory? How broad and deep are those connectors?
  • Frequency of synchronization: How does data get from the HR system to IT systems; is it through manual imports, automatic imports, real-time sync? Does timeliness matter?
  • Managing external users such as contractors: If external users are not in your HR system, can the solution elegantly handle the lifecycles of those users?

Business Processes and Agility

Many prospective customers focus on the aforementioned table stakes, but overlook specific onboarding/ offboarding flows that are fairly common. An HR-driven IT provisioning solution should handle those flows. Otherwise your IT team may cobble together non-maintainable scripts or resort to manual processes.

  • Onboarding conflict resolution: How does the solution handle two John Smiths? Does it offer out-of-the-box logic or custom configurations?
  • Bidirectional sync: Data typically flows from HR to IT, but sometimes it goes the other way. For example, IT creates the work phone and work email which should flow back to HR. Can the solution handle that?
  • Contractor to employee conversions: Companies frequently hire contractors into full time roles. Can the solution seamlessly do this without killing accounts or access?
  • Granular choices for offboarding: IT teams want flexibility in offboarding scenarios. In some cases, deactivating immediately is needed. In other cases, preventing a user from logging in (but not deactivating the account) is desired. Does the solution offer agility?

Security—Eat It, Live It, and Breathe It

Automating your onboarding and offboarding processes provides clear monetary benefits. However, you shouldn’t overlook the security benefits a solution can offer.

Key questions to consider:

  • Appropriate access: Can the solution provision users with the right access based off the user’s attributes or group memberships?
  • Audit compliance: Does the solution log and track how users were granted access to apps? Is that data easily extractable for auditors or the security team?
  • Minimize data breaches: Does the solution deprovision unused accounts quickly after termination?
  • Security policy: Does the solution offer offboarding capabilities that adhere to company policy such as the following:
    • Termination flexibility
    • Involuntary vs. voluntary
    • Last day worked vs. termination date
    • Time zone of location

So, what should you be looking for?

  • Protection against data breaches
  • Audit support
  • Automation of lifecycle for your entire workforce—internal employees and external contractors/partners
  • Native integrations to the applications you care about the most
  • Onboarding + offboarding flexibility
  • The power to spin up new employees quickly
  • Savings in time and money

Savvy leaders want an HR provisioning solution that can automate tedious tasks, save time and money, and make their IT and HR data transfer more efficient. Use the checklist above to discover if automated provisioning is right for your company. For more details on how Okta can help securely provision and deprovision in your organization, see

About Okta

Okta is the leading provider of identity for the enterprise. The Okta Identity Cloud connects and protects employees for many of the world’s largest enterprises. It also securely connects enterprises to their partners, suppliers, and customers. With deep integrations to over 5,000 apps, the Okta Identity Cloud enables simple and secure access from any device. Thousands of customers, including Experian, 20th Century Fox, LinkedIn, Flex, News Corp, Dish Networks and Adobe trust Okta to work faster, boost revenue, and stay secure. Okta helps customers fulfill their missions faster by making it safe and easy to use the technologies they need to do their most significant work. For more information, go to