Lifecycle Management

Securely automate all lifecycles with any application or business process for external and internal users.

30 min

saved on every application provisioning request

30 min

saved on determining and configuring groups and entitlements

$20

per user saved in preparing for audits each year

Lifecycle Management
B2B Integration Icon

Pre-Integrated Provisioning

Okta’s Lifecycle Management tools provide rich integrations for mastering and provisioning that support coarse-grain to fine-grain management, for on-prem and cloud applications.

Okta Product - Universal Directory

Universal Directory

Directory and meta-directory, designed for integration to any app or directory, with lifecycle awareness and extensibility

Policy icon

Prescriptive Lifecycle Orchestration

Sophisticated control of identities across lifecycle states with automation through rules, policies, workflows, and APIs for full customisation

Compliance icon

Simple Access Governance

Identity governance with a focus on access and ease of use that provides account and entitlement reporting with comprehensive data

Pre-Integrated Provisioning

Okta’s Lifecycle Management tools provide rich integrations for mastering and provisioning that support coarse-grain to fine-grain management, for on-prem and cloud applications.

Integrated to Applications & Directories

Over 120 pre-integrated applications for provisioning and deprovisioning

Integrated to Applications & Directories
  • Hands off real-time user provisioning triggered by your preferred HR system or application, including Workday, UltiPro, BambooHR, SuccessFactors, G Suite and Netsuite
  • Integration to Active Directory or LDAP including extended rich profiles, group push, and license and role assignment all in a single pane of glass

Deep Integration

Identity-based lifecycle management goes beyond syncing users - sync groups, contacts and devices too.

Deep integration

Automatically detect different users attributes in different applications, along with application entitlements.

Match directory groups with application groups, assign and revoke licenses, and create a custom offboarding process.

Extensible

Extend the power of provisioning to your custom applications using SCIM.
  • Extend the power of provisioning to your custom applications using SCIM. Check out our SCIM Developer Programme ›
  • Use the Okta API to make any application the profile master
  • Get automated provisioning for any application using the cloud or on-prem provisioning SDK

Universal Directory

Directory and meta-directory, designed for integration to any app or directory, with lifecycle awareness and extensibility

Customisable Directory for Users Groups and Devices

Extensible user profile, group profile, device profile. The Meta-Directory features smart group rules to automatically group users based on attributes.

Customizable Directory for Users Groups and Devices
Lifecycle States

Lifecycle States

Easily see and change users through different lifecycle states.

Multi-source Integration

Multi-source Integration
  • OIDC and SAML Inbound JIT
  • Mastering users and groups from on-prem directories (AD/LDAP)
  • Master different attributes from different sources, like first/last name from HR and email from Exchange

Meta-directory with Attribute Mapping and Transformation

Meta-directory with Attribute Mapping and Transformation
  • Create a single source of truth by mastering attributes in the Okta profile from any authoritative source
  • Customisable attribute mappings with transformation via Okta Expression Language
  • Identity and profile sync

*Universal Directory is a separate product, and is a required purchase for customers buying Lifecycle Management

Prescriptive Lifecycle Orchestration

Sophisticated control of identities across lifecycle states with automation through rules, policies, workflows, and APIs for full customisation

Lifecycle Engine

Lifecycle Engine
  • App access and provisioning tied to lifecycle states
  • Create and deactivate accounts in applications
  • Manage entitlements
  • Group discovery, matching, push, and updates

Policies for Access Management

Policies for Access Management
Group membership rules
Policies for Access Management
Group mastering

Centrally manage groups from G Suite, Box and Active Directory in Okta

More
Group membership rules
Group membership rules

Access and entitlement rules based on any attribute

More

Access Requests & Approvals

Multi-step approval with specific people or groups

Multi-step approval with specific people or groups

Workflows to automate identity-centric business processes

Create custom workflows without code

Okta Platform Services - Workflows

Automations to control user lifecycles and notify users

Automate lifecycle-related tasks with a conditions & actions structure.

  • Configure automation (condition & action)
    Example: If user is in contractors group, suspend account on Day X
  • Run on a scheduled-basis or just once
  • Execute action only if condition is met
    Example: If user is in contractors group and is inactive for x days, suspend account
    Example: If user’s password expires in 7 days, send an email
    Example: If user’s custom attribute x == “inactive”, deactivate user
LCM Automations

Import inline hooks

Customise Okta’s default import process by calling out to custom logic (e.g. code running in AWS Lambda) during an import.

  • Create unique usernames based off your organisation’s policy
  • Match users based off your own rules
  • Enrich user profiles by retrieving attributes from other sources

ITSM, Workflow and Governance Integration

  • Integration to ITSM and Ticketing (via API)
  • Integration to third-party workflow and orchestration solutions (via API)

Simple Access Governance

Identity governance with a focus on access and ease of use that provides account and entitlement reporting with comprehensive data

Access Audit Report

Find who has access to what.

  • Find all users who have access to an application including advanced app attributes
  • Find all the applications a certain user has access to
Access Audit Report

Recent Unassignments Report

Find all users who were unassigned an app, when they were unassigned, and their current assignment status.

Recent Unassignments Report

3rd Party Identity Governance Integration

Governance API that publishes application account and entitlement data collected through discovery, and diff data vs. Okta system of record.

Lifecycle Management

$4 per month, per user

All products are priced per user per month, and billed annually.
*Lifecycle Management requires purchase of Universal Directory.
Listed price is for typical use cases. $1,500 per year contract minimum.