HR-Driven IT Provisioning

From new hires, to promotions, to terminations, HR systems are typically the most up-to-date systems of record for employee information and status. However, just because information is up-to-date in the HR system doesn’t mean it’s the case across IT systems and applications. Out of date information causes security risks and lost productivity for IT and employees. Okta’s HR-driven IT provisioning solution provides pre-built integrations between HR and IT systems to keep everything in sync.

Read this whitepaper to learn how Okta’s cloud-based identity management service is the easiest way to integrate employee information from HR and IT systems, including Active Directory and other critical business applications.

 


 


The challenge

Historically, information from on-premises HR systems may have been manually synchronized by IT with on-premises Active Directory and then to enterprise applications. However, today’s companies are adopting an increasing number of cloud-based applications—email, CRM, content management systems—that hold critical business and customer information.

The proliferation of SaaS applications has introduced a number of issues:

1. Automation: Proliferation of SaaS applications and shadow IT isn’t always a good thing. Help desks have become burdened with an increasing flow of application access requests, leading to a patchwork of manual processes.

2. Sync Information Across Systems: Trying to keep employee data in sync using on-premises directories and multiple manual steps across an ever-changing set of applications is untenable. And it only gets harder as more people join the organization, change roles, update their own information, and leave it.

3. Make New Employees Successful on Day 1: Every IT organization wants each of their employees to be successful when they start work with the least amount of friction.

4. Immediately Removing Access for Employees That Have Left Your Org: Whether it’s through a voluntary or involuntary termination, application access needs to be revoked immediately to prevent breaches and the dissemination of sensitive data.

5. Compliance: IT has enormous responsibility within any organization to not only ensure that employees have the correct levels of access but that the information is reported both internally and externally.

The solution

Okta’s cloud-based identity management service is the easiest way to integrate employee information from HR and IT systems, including Active Directory and other critical business applications. With Okta, multiple user credentials can be replaced with a single identity, driven from the HR system. Any changes made to a user’s information within an HR system are automatically communicated to Okta and synced across applications. Furthermore, Okta can update the HR system with information, like telephone number or email address, created within downstream applications.

Okta has pre-built integrations to the most popular HR SaaS applications including Workday, SuccessFactors, UltiPro, BambooHR, Namely, and G Suite.


If your organization has a system that is not currently supported, whether cloud or on-prem, Okta also has mechanisms to support these systems like our On-Premise Provisioning Agent. Please contact [email protected] for additional details.

New hire onboarding

Both HR and IT want to get new hires up to speed as quickly as possible. Instead of waiting until a new employee starts and requiring them to file helpdesk tickets for the various applications they need, IT can automatically assign applications to an employee based on their group, role, or other attribute in the HR system. Okta’s integration with Workday even supports a pre-start interval for a user, in the event that some processes, like setting up a new computer, require additional time.

Updates

Organizations are dynamic, with employees changing department, role and geographic location with the demands of the business and the individual. While HR may try to keep its system up-to-date, these changes don’t always make it to IT systems. This is problematic, as employee info and status often map to different levels of authorization within applications. In addition to HR making these updates, many modern HR systems enable employees to make self-service updates to their information, making it difficult to ensure that scheduled syncs catch the latest info. Okta can sync updates from HR systems in real-time and automatically apply them across IT systems and applications. This can reduce helpdesk tickets from employees asking for new applications and permissions or requesting password resets. The synchronization also assists with compliance requirements by ensuring that employees don’t maintain access or elevated permission levels in systems they no longer need. Okta can even help manage authorization for more complex scenarios, like workers going on maternity leave or seasonal employees, where states and authorization levels change frequently.

Offboarding

Most companies have checklists for when an employee leaves a company. However, ensuring that employees are deactivated from systems quickly is another question. Instead of HR having to file helpdesk tickets with IT to deactivate users or waiting for the next scheduled sync, Okta’s integration can automatically deactivate users across downstream apps, including AD, upon a status change in an HR system. This speedy synchronization better protects organizations from data loss and ensures that an organization isn’t paying for orphaned accounts that can increase its attack surface area. Okta goes even further with its offboarding for some top apps, like Box, and enables automatic reassignment of employee content to an administrator or manager to ensure business continuity.

Why use Okta?

• Automated provisioning and deprovisioning of users across apps driven by HR systems

• Automated AD account creation and deactivation driven by HR systems

• Automated AD password management

• Scheduled synchronization (hourly, daily, or on-demand)

• Single sign-on for HR systems and all other applications on all devices

• Adaptive Multi-Factor Authentication

• Centralized reporting and audit of user access across all

• Pre-built integrations with over 5,000 applications

Easy to install and configure

Connecting HR systems to Okta can be done in minutes. Just configure the HR application in Okta, establish the HR app as an import target, and set up single sign-on via SAML (Security Assertion Markup Language). The last step will allow seamless access to the HR system once a user is created in Okta.

Okta Integration Network

In addition to our integrations with HR systems, Okta offers pre-built integrations to over 5,000 SaaS and on-premise applications in its Okta Integration Network. These integrations amplify the power of our HR integrations because they let Okta automatically enable single sign-on and user provisioning for downstream apps without professional services or development investments. Okta collaborates closely with HR and application partners to make enhancements to the integrations and streamline provisioning workflows.

Learn more about HR-driven IT provisioning and our HR integrations at:

https://www.okta.com/directories-and-systems-of-record/