Workday Driven IT Provisioning
For enterprises using Workday for Human Capital Management (HCM), Workday is often their authoritative source of user data and thus identity management. All stages of an employee or contract worker's status - including pre-hire interview process, start-date, transfers and terminations - are all managed and initiated within Workday. However, in many cases IT must synchronize Workday user records with AD and various applications manually when a user is on-boarded and as they change roles over time and in some cases, end users themselves are involved in updating their own user profile information in Workday. When a user is terminated, the Workday account might be disabled while the AD account and other application access is still active - creating real security risk.
Traditionally, integrating HCM with a legacy identity management system to close this gap was a massive project costing millions of dollars, spanning many months of implementation and resulted in a brittle solution that was expensive to maintain over time. Okta and Workday are changing that, bringing Identity Management and Human Capital Management together with a pre-integrated offering that is easy to deploy, effective and cost efficient.
Okta automates user management into all leading cloud and web applications, and this process typically starts from a corporate directory like Active Directory. Now, with Workday-driven identity lifecycle management those provisioning and deprovisioning processes can be driven automatically from Workday via Okta identity management. And unlike integrations between HCM and Identity Management systems in this past, this integration is productized, robust, and cost effective to implement and maintain over time.
Okta and Workday have a strong, comprehensive partnership that spans executive management, R&D, sales, and services. More than simply writing to a Workday API, Okta and Workday jointly developed this identity life cycle management functionality, introducing new features such as Workday Provisioning Groups in Workday and an enhanced provisioning workflow in Okta.
Okta's philosophy on directory and application integration is to deliver pre-built, turnkey solutions. The Workday integration is no different: through Okta, the Workday-driven provisioning configuration can be finished in minutes and the entire end to end solution can be rolled out as a part of a fixed price services offering. No custom software development or ongoing maintenance of custom code required.
Okta identity management maps and synchronizes Workday employee attributes to Active Directory user attributes. Okta also manages the entire provisioning workflow – including scheduled imports from Workday, AD account creation, temporary password generation and new user notification. On day one, a new user can log into her Windows domain using her temporary password and can immediately access applications using her AD credentials. Security and simplicity.
With Okta identity management, AD Security Group memberships can be created according to Workday Provisioning Groups. Okta can also automate application provisioning, with appropriate authorization levels, based on the Provisioning Group information. If a user is terminated in Workday, or if their group membership changes, Okta pushes the change downstream to automatically deactivate AD accounts, deprovision applications and/or change authorization levels No more manual processes.
In addition to identity life cycle management, Okta also offers a full suite of identity management features for Workday, including single sign-on, multi-factor authentication and centralized administration and reporting to provide secure access to Workday from any device at any time.