Lifecycle Management 101

Sarah Farnsworth-Kumli: Hello. Welcome everyone to our Lifecycle Management 101 Session. Thank you all for joining us today. I am Sarah. I am joined by Sonali. We're both solution engineers here at Okta, and Nima is going to be joining us from Merz Pharma to walkthrough how they have implemented lifecycle management.

Sarah Farnsworth-Kumli: As you know, Okta is a public company. And so, we're flagging any forward-looking statements. We share our subject to change, so feel free to read this Safe Harbor notes in depth at your leisure. A lot of text, hit us up if you'd like us to email it to you.

Sarah Farnsworth-Kumli: To start, this session is meant to be a one-on-one introduction session, so lifecycle management. We're going to keep things pretty high level. If they're wanting, if you were looking to take your lifecycle management knowledge to the next level, we do have some awesome sessions aimed at you. Workflows for Lifecycle Management is at one o'clock today, as well as HR as a Master is at 2:00 PM today. Both of those are Pacific Time, so definitely suggest you check those out. But we are going to wax poetically about lifecycle management, what it is, how we got here, and even hear from Merz how they have implemented it in the wild.

Sarah Farnsworth-Kumli: So starting at that base level, lifecycle management is the process of maintain the lifecycle of a user account as it goes from onboarding through role changes and through termination. So we're talking across all sorts of different systems, and applications, like directories. Lifecycle management at all organizations is filled with a lot of challenges. We've got an explosion of users, devices, and applications. All those need to be connected, right? Plus we have different types of users. We've got employees and contractors. Those are going to have different lifecycles. Also, our decision making process isn't just contained within IT, you've got business app owners who are managing applications and deciding who gets access.

Sarah Farnsworth-Kumli: And finally, we might be working with a legacy identity management solution that can't handle a lot of today's challenges within the cloud. If you drill down to the technical details of lifecycle management, you quickly find out that onboarding and offboarding users is pretty complex, right? We use the terms joiner, mover, leaver to describe the steps in managing a user's lifecycle. So in that joiner phase, that's going to be when a user is created within a source system. That could be many things. It could be an HR system, a directory, even self-created accounts. In that joiner phase, you're going to want to automate as much as possible, right? Granting access to those birthright apps. These are going to be like email, storage, payroll.

Sarah Farnsworth-Kumli: And in that mover phase, you need to account for all sorts of scenarios. Luckily, we, as humans, are not a static set of attributes. We do things like get promotions, job changes, profile changes, marriages, last name changes, even temporary leaves of absence. So every organization handles these types of changes differently, which is why it's difficult to come up with a cookie cutter approach. And also we have that leaver phase, right?

Sarah Farnsworth-Kumli: How do you handle people who leave your organization? Is this an immediate termination? Or is it scheduled? Does the terminated user lose all access? Or should they retain some time bound access to something like payroll? Again, every organization has their own policies for how they handle this, and that's partly what makes lifecycle management so challenging.

Sarah Farnsworth-Kumli: Let's look at a common scenario to understand where things breakdown. At many organizations the HR department is the authoritative source of truth. They're the first to record that new hire's data. They're also the first to record when an employee is terminated. So it does make sense for IT to follow the actions of the signals that HR is giving them. The problem is that HR commonly notifies IT about onboarding and offboarding events in very manual ways. So they file tickets, they send emails, transfer file dumps. We even had a customer tell us that they get a sticky note with each new hire's name on it and the applications that they need provisions. So, at the end of the week, IT has a desk full of sticky notes. That's a super manual, disconnected, and unsynchronized process, which was super painful.

Sarah Farnsworth-Kumli: And there are several reasons why this is painful. Beyond that example, manually provisioning accounts doesn't scale. It's really inefficient and error prone. And when you're manually assigning access to applications, it can easily result in security issues. The pain is only going to grow larger as your organization grows, right? Stuff is burdening your IT department and your HR department. If you're only onboarding a few employees a week, with just one or two applications, maybe you can get away with this manual process. But as you onboard more employees, and you give them access to more applications, things are going to start to fall through the cracks.

Sarah Farnsworth-Kumli: And that productivity isn't just limited to your IT team, right? That's also going to impact these newly onboarded employees. They can't do their work if their resources and applications aren't provisioned within a timely manner.

Sarah Farnsworth-Kumli: Our vision with Okta's lifecycle management is to manage all lifecycles for any identity, in any business process. This is going to start with a single source of truth. You have to onboard the user somehow, right? And that's sourcing the user from somewhere, and that somewhere could be an HR system. It could be a directory. It could be a database. You could also have end users entering in their own information on a registration form. You could have a manager inputting that information manually, or you could even have a social login where employees are logging in with their Facebook account, and that information is consumed within the system.

Sarah Farnsworth-Kumli: These are all things that Okta's Universal Directory can support as a source of that user's onboarding. But Okta's Universal Directory is much more than just a user store, right? It allows us to consolidate users from various sources, yes. But it also allows us to create our own attributes, and extend those user profiles and build out our custom schema. So later, I could do something like attribute transformation, where I can take an attribute from Active Directory, I can manipulate it using the Okta Expression Language, so it fits the requirements of that downstream application that I want to provision to.

Sarah Farnsworth-Kumli: Next, we don't want to manually be responsible for every step in that joiner move or leaver process. It would be great if we could opt for a more automated approach. So in this diagram, we have Okta sitting between HR and IT. Okta's talking directly to the HR solution and is provisioning and deprovisioning accounts and all of the applications to the right. But you could, just as easily, if you want Okta to master from Active Directory, you could configure that. Sonali will walkthrough that in our demo a little bit later.

Sarah Farnsworth-Kumli: And lifecycle management is handling all types of users' lifecycles that are going to be managed differently. So we have those full-time employees' lifecycles that might be coupled with an HR system. But a contractor's lifecycle might require policies that can set an automatic end date, right? We could also drive access based on a user's context. We could use info about that user's department or region in provision access. And lifecycle management can also automate the process of requesting application access and getting approvals. So, for example, I joined the marketing department, super excited about my new job. Three weeks in, I realized I need access to Marketo, and it was not a part of my birthright applications.

Sarah Farnsworth-Kumli: So I can request a license for Marketo, and even be approved by an application administrator. So, maybe, that's a manager within the marketing department and get access. And IT doesn't have to answer that ticket. It makes it a lot easier.

Sarah Farnsworth-Kumli: We just looked at automated lifecycle management process. Let's take a look at all of the applications that we can leverage this process with. Because Okta is best of breed, we have a lot of traction in getting best of breed software companies to integrate natively with our product. And that is why Okta's integrations are really much stronger than that of our competition. We're in touch with what's happening with all of those applications that we integrate with, and we provide these out of the box integrations, which are extremely easy to configure. And they just work, because we have these best of breed companies that continue to keep our partnerships alive.

Sarah Farnsworth-Kumli: We're constantly getting notified by them of, "Hey, we've made a code change here. You need to update this on your end." The beauty of it is that you don't have to worry about any of that code. It's all just a point and click, turn the feature on, you're ready to go. We handle everything on the backend.

Sarah Farnsworth-Kumli: And our catalog of integrations is constantly growing. You can see, this is just the process we've made since Okta 18. And we've updated our catalog to further allow for easier browsing and deploying of applications. You can sort by HR system that we can master from and have added more types of integrations.

Sarah Farnsworth-Kumli: We've taken a look at different applications and how the lifecycle is managed within those applications. Let's see how all that information is recorded. Everything is audited within our system logs. You can see, it looks a lot like this slide. So if you have an auditor, who's coming on site, you need to know who has access to what, who decided to give them access to that application, all of that can be found by doing very granular searches within the system log, so that we have a canned report that you can just say, "Hey, what does Sonali have access to today?" It'll print you out a list of all of those different applications. Very easy.

Sarah Farnsworth-Kumli: Well, you have heard me yap for quite a significant amount of time. I'm going to throw it over to Sonali, who's going to walk us through a demo of lifecycle management.

Sonali Singh: Awesome. Thanks, Sarah. Hey, everyone. My name is Sonali Singh and I'm a solutions engineer here at Okta. Hope you're enjoying our session here so far. Sarah did a great job at explaining what lifecycle management really is, but, as we know, words aren't always enough. So with this demo, I'm going to showcase everything that Sarah just talked about in terms of what our lifecycle management features are. I'll mainly be focusing on how a user operation gets pushed from a profile master. So, in the case of this demo, Active Directory to Okta, and then to any downstream applications.

Sonali Singh: I'll be leveraging Salesforce and I'll show you how everything within my Salesforce account gets updated. Now, referring back to what Sarah talked about earlier, I'll be showing you three main functionalities. So starting with the first thing, user onboarding. As a new user, or as a new employee is hired, you go ahead and add that user to your profile master. How that information is then pushed from that profile master to Okta and then to those downstream applications.

Sonali Singh: Next, we'll be looking at updating user attributes. So when people move within the organization, they get promoted, or their information changes, for example, things like their role, their department, their title. Or people have personal life changes, just say, someone has moved and we need to go ahead and update their address attribute. I'll show you how all of that can be done in your profile master synchronized over to Okta, and then to all of those downstream applications. And then, lastly, we'll be looking at user offboarding. Say when someone leaves the organization, you need to go ahead and deactivate that user. I'll go ahead and show you how that can be done directly in your profile master. And, again, how that information can be synchronized over to Okta and then to all of those downstream applications.

Sonali Singh: With that being said, I'll go ahead and get started with the demo, and walk you through lifecycle management in action. All right, so here on my screen I have my Okta Admin Console, which allows me to manage my users' applications and security under a single pane of glass. For my profile master, I have my on-prem Active Directory pulled up here, so as we onboard my new user, all that's going to be happening within my Active Directory. You can also use Okta as the profile master, where you can easily create and manage user profiles and groups all within our Universal Directory here.

Sonali Singh: Now, I know I used the word, profile master, a lot. And some of you might be wondering, "What does she mean by that?" Well, profile master is essentially your source of truth. It can be thought as that top level directory that's used to validate any user information, and it's what's going to be used to perform the CRUD, or create, read, update and deactivate operations. As you can currently see, I'm in my Universal Directory, which is a cloud based directory and I'll show you how profiles within this get updated as I make changes in my Active Directory.

Sonali Singh: Now, since I'm in my directory tab, I also wanted to pull up my AD integration, and tell you, and show you, how that's been configured. If I navigate over to directory integrations and into my Active Directory. In terms of the architecture, Okta has a lightweight AD agent that can be downloaded on any member server and it communicates outbound to Okta over port 443. If I navigate to my people tab, you can see that it already has some users that have been pulled in from my Active Directory. In terms of provisioning, provisioning can be configured bidirectionally, so from Okta to AD, as well as from AD to Okta.

Sonali Singh: As an admin, you have some configuration options here around how often you want to schedule that import. If you want to enable jet provisioning. You also have some configuration options around user creation and matching. So how that maps and profile, and lifecycle mastering. Another thing I wanted to point out here is how attribute mapping works. You have a certain number of attributes within Active Directory. You can also go ahead and configure how that information maps over to Okta all within our attribute mapping portion or section.

Sonali Singh: From here, I do also want to talk to you a little bit about groups. So if I navigate back to my groups tabs here, you'll notice I have a few different types of groups within my Okta tenant here. I have some from applications, some from directories, some are from HR solutions, and I also have some Okta local groups. There are two type of groups that I want to talk to you about in particular. The first one is my everyone group. Anyone who's added to my Okta tenant by default is a part of my everyone group. If your organization has any birthright applications, or applications that everyone needs access to, you can also go ahead and assign that to this group. And as users are onboarded, Okta can automatically go downstream and assign those applications to them. So the first day a user starts, they're all set to go with the applications they need access to.

Sonali Singh: The second type of groups are those that only accessible to a particular set of users. So let's go ahead and take a look at my sales group, which I have created here. This is obviously particularly for my sales team. Anyone who's a part of my sales team should be added to this group. I also have some applications which I have assigned particularly for my sales team here. So, essentially, if we look at it, what I want Okta to do is, when a user is being onboarded based on certain attributes, I want them to automatically be assigned to those appropriate groups and applications that they'll be needing access to.

Sonali Singh: Now, you must be wondering, "Well, how can we do this?" Good question. The way this can be achieved is by leveraging group rules. These rules automate that entire group and app assignment process. So if you can see here, on my screen, I have a few different rules that I have created. That if we were to dive in deeper into a particular rule, let's say my sales rule here, you can see that it says, "If a user's organization is equals to sales, then go ahead and assign them to my sales group." Now this rule is fairly simple, but we can get pretty granular with these, so really allowing you to customize it to fit your need.

Sonali Singh: Now, from here I also want to talk to you a little bit about applications, and how that configuration can be set up. I'll go to navigate over to applications and pull up my Salesforce instance that I have configured. If we go ahead and look at it, in terms of settings and sign on methods, I have Samuel configured for my Salesforce here. I've also gone ahead and enabled provisioning. Again, this can be done bidirectionally. But from Okta to Salesforce, I've gone ahead and enabled my create update and deactivate options here, which means I can perform all of these actions in Salesforce directly from my Okta tenant here.

Sonali Singh: I do also have my Salesforce instance here, so as we make changes we're going to be checking Salesforce to make sure all of those changes have been pushed over to Salesforce. With that being said, let's go ahead and get started by onboarding a new user. I have a new hire, Sarah Farnsworth-Kumli, who's joining my sales team as a solutions engineer. And, as you can see here, I've already gone ahead and created a profile for Sarah. I've gone ahead and added all of the information I wanted to in her profile. So let's go ahead and import her over to Okta now. If you remember from a little bit earlier when I showed you my AD configuration, I have scheduled imports set to every hour. So Okta will check every hour to see if there have been any changes in my AD, and it will import over any new information.

Sonali Singh: If we were to wait for the next import, the information and the profile I created for Sarah would be imported over and pushed to Okta automatically. But for the sake of this demo, and everyone's time, I'll go ahead and do a manual import. If I go ahead and hit import now, it might take a few seconds. We'll just let that import happen. Let's go ahead and see if that information gets pushed over. As I can see here, it lets me know one new user was imported. If I look at my list of imports, I see Sarah has been imported, so let's go ahead and confirm that assignment. And now that we've confirmed her assignment, let's navigate back over to my Universal Directory to make sure that Sarah is indeed an active user.

Sonali Singh: We see that Sarah is here. I notice that Sarah has all the applications that she needs access to. I also notice that the profile master is Active Directory, so Okta does let me know what my profile master is here. If I navigate over to groups, I can see that Sarah is, not only a part of my everyone group, but based on those group rules that we had create earlier she was added to my sales group, as well. Now, if we take a look at here profile, we notice that all the information I had filled out within my Active Directory did get pushed over to Okta. At this point we see that Sarah's profile has been created within Okta. All that information has been pushed over, but let's go ahead and check Salesforce to confirm that Sarah is, indeed, and active user.

Sonali Singh: So if I navigate over to my active users, we can see that there has been an account that's been created for Sarah here. And now, when she starts, she'll be ready to go ahead and use Salesforce at that point. If I go ahead and click on Sarah's account here, we can also see that her profile information has been populated over, as well. Now, from here, let's go ahead and take a look at that next step. So a few months down the line Sarah's doing amazing at her job, she's getting promoted to a manager role, because she's doing so well, and she's had some exciting personal life changes, as she recently got married. What I want to do at this point is update Sarah's profile to reflect these changes, so let's go ahead and do that.

Sonali Singh: And I also want to go ahead and update her email. And then we'll go ahead and update her title too, as she's a manager now. Let's go ahead and save these changes and go back to our AD integration and do that manual import again, just so that we can push that information and see that update right away. We'll go ahead and do that import. As we can see here, I have an existing user that has been updated. Now let's go back over to my Universal Directory and see what those updates are. So that's the wrong Sarah. If I come in here, I notice that Sarah's name has been updated along with her email. I can see that she's been assigned to a new set of applications. If I go over to groups, I see that she's still in my everyone group. But instead of my sales group, she's been added to my sales manager group.

Sonali Singh: In her profile, we notice that her title has been updated to a manager of solutions engineering. And then, if I navigate over to Salesforce, and refresh this page, we can see that the information around her user name has been updated along with her title and department, as well. So all the information was not just pushed to Okta, but also to those downstream applications. Now let's go ahead and take a look at that last piece. A year down the line everything is going great, but Sarah has this brilliant idea that she wants to start her own company. Unfortunately for us, that means she's leaving and we need to deprovision her. So I'll go ahead and delete her account in my Active Directory here. And I'll go ahead and do that last import within my AD integration. Let's go ahead and go back to import, and do that import here. It might take a few seconds again, so we'll just let it finish up.

Sonali Singh: While we wait, we can see that one user has been removed. If I navigate over to my Universal Directory and search for Sarah, we see that her account has been deactivated. All the applications she had access to has been revoked. If I go over to Salesforce and refresh this page, we notice that Sarah is no longer an active user here. So when she tries to access her Salesforce account, that access will be denied. At this point, you've seen how lifecycle management works in action. You've seen that onboarding, updating profile, and deprovisioning piece, or offboarding the user. And it's great that we can automate the lifecycle of the user, but another important thing is gaining that visibility of all of these actions that were just performed. And this can be crucial from an admin or a security perspective.

Sonali Singh: So Okta does provide you some reports. If we navigate to reports, we notice that there are some out of the box reports, as well as our system log here. Our system log records each action that's been performed in Okta. You can also dive in deeper around each action to get more granular in those details. And if you're using a SIEM tool, such as Sumo Logic or Splunk, you can easily pull off of this data into that using our events API, or download it as a CSV.

Sonali Singh: At this point, I know you've heard the Okta story. But now I'd like to hand it over to one of our current customers, Nima, from Merz Pharma to tell us a little bit about what their struggles were, and how lifecycle management helped them. So, over to you Nima.

Nima Attarzadeh: All right. Thank you, Sonali and Sarah. Thank you very much. My name is Nima Attarzadeh. I'm part of the Merz Global IT Team and responsible for Okta globally. Today, I would like to share our journey in regards of identity lifecycle management with Okta. First, I would like to give you a brief overview about Merz and also show you the partnership between Okta and Merz. Further on, I'm going to present you the challenges we faced before utilizing Okta. And also, go through the journey with Okta in regards of identity lifecycle management. Further on, I would like to show you the benefits and review the journey. And last, but not least, go through the lesson we learned through that journey.

Nima Attarzadeh: Great. Merz is a global family owned healthcare company. Our mission is to become the most admired, trusted and innovative aesthetics, therapeutics and consumer care company. We have a global workforce of more than 3000 employees. And have globally 34 subsidiaries in Americas, Europe and Asia Pacific. We started partnering with Okta in 2017. And we rolled out Okta for our employees, customers and partners. We are utilizing Okta for our central and strategic services, which includes also single sign on, adaptive MFA, identity discover provider, and lifecycle management, of course, and many, many more services in regards... Sorry. We are utilizing Okta for central and strategic services, including single sign on, adaptive MFA, identity discover provider, lifecycle management and many more security features which Okta provides.

Nima Attarzadeh: The challenges we faced before utilizing Okta was decentralized identity management. As we are working in a global environment, we had multiple systems where identity were managed and it was hard for us to maintain them. It was really linked with a lot of internal effort and manual effort to keep them updated, to manage them, to monitor them. And, furthermore, it was also frustrating for a lot of users as they had multiple accounts for multiple platforms and it costs, also, a lot of frustration as they keep forgetting their username, their password, and their URLs to each system, which also caused a lot of costs as they opened a ticket for each of these cases. Furthermore, as part of onboarding and offboarding process, a lot of manual efforts was involved, which caused, also, a lot of internal effort and it caused, also, inefficiency.

Nima Attarzadeh: Furthermore, in regards of the policies and standards we had in place, as we had multiple platforms there were no global standards, we had to maintain each policies for each specific system, and it was hard to have a global overview of them. And we also we want to ensure that we provide best service to our partners, customers, employees it was difficult to ensure the scalability and availability of the systems. Furthermore, also the interfaces and integrations into each systems and platforms, and upcoming projects, was also challenging for us to ensure that this is given, and that was one of the challenges we faced.

Nima Attarzadeh: And last, but not least, the security and compliance as we need to ensure, especially when we are dealing with identities, we need to ensure that we provide a secure solution, and it was really difficult, challenging, to ensure that we monitoring all the systems, we keep all the systems up-to-date, and patch all the systems, and make sure they are secure. It was one of the pain points we had for utilizing Okta.

Nima Attarzadeh: Right. Based on these challenges, we identified that we need a strong identity provider, which can act as a backbone of our infrastructure. And, therefore, we start working with Okta. Together, we identified a strategy and a journey for our identity lifecycle management. We split this journey into different phases. Phase one, we focused on our customers and partners. As you can see here, we do provide a customer portal, which is based on a Salesforce platform. And we provide a lot of services on this portal. With Okta we are able to provide lifecycle management, and single sign on, and security policies for all these customers and partners, as this platform is connected to our specifically Okta tenant, only for our external user and customers.

Nima Attarzadeh: This Okta tenant is, again, connected to our internal Okta tenant, which allows single sign on, adaptive MFA, and many more features only for our employees. Again, this tenant is again connected to our Active Directory. If a user, employee, or colleague wants to access the platform, the customer portal platform, we can do that with the same user journey as there is an Okta to Okta connection between our internal tenant and an external tenant and makes all these interfaces. It makes for the user, very seamless and state-of-the-art user journey through these tenants. And based on the lifecycle management features and the automation in place, it provides a great state-of-the-art journey for the users and customers overall.

Nima Attarzadeh: Right. On the second phase, we focus on employees and I need to mention that we are still in progress of implementing that. This is still going on, but the goal is, as we just learned earlier, we are talking about joiner, mover and leaver. The idea is to implement a process, an automation workflow, that help us to reduce the internal effort as a joiner comes in. And we provide access, which is required, deploy the policies, and foster policies, and gather all the attributes, which are probably maintained in multiple systems under one umbrella, bring them together, and if there is any update, make sure it is deployed and accurate. And if the colleague leaves the company, we go through the offboarding process and deprovision their account.

Nima Attarzadeh: As Okta, as we also learned earlier, provide a huge repository as Okta integration network. It brings a lot of out of the box solution and interfaces. If this is still not enough or sufficient, we still have the opportunity to create our own interface with global standard like SIEM 2.0 and many more. Which is really helpful as, for example, we have a lot of on prem solutions where we can implement that with a customized interface.

Nima Attarzadeh: Right. Based on the challenge we saw earlier and the journey we went through with Okta, we can tell that Okta help us to drive our standardization and harmonization strategy. As we are able to reduce a lot of old platforms and bring a lot of services into one central place, like Password Reset Manager, and onboarding process, single sign on, adaptive MFA, and also all the security features. Which helps us also to provide one identity management standard globally. The lifecycle management and automation allows us to speed up the processes and reduce the internal effort we have. Which ends up also to reducing the costs. In regards of the standardization, based on Okta's standards and also the ability to integrate to multiple systems, we are able to rollout and deploy a global standard.

Nima Attarzadeh: Further on, as our priority is to focus on our customer, and ensure that the services we are providing are highly available and scalability is always there, we can count on Okta service as it's really reliable and it is adjusting to our requirements. As mentioned earlier, one of our requirements is to ensure that all the current platform and upcoming platform are able to connect with the current environment. And based on best of breed approach, which Okta provides, as mentioned earlier, the Okta integration network, all the partnerships with other big software vendor, we are able to ensure that all the upcoming platforms are able to connect to Okta, and our policies, and global standards.

Nima Attarzadeh: Also, one of the biggest point for us is the security and compliance, as we are working in regulatory environment. And on the one hand with Okta, we are able to increase the security and compliance. On the other hand, also to improve the user journey based on the single sign on and state-of-the-art security. Furthermore, with Okta we have the possibility increase company's visibilities to enter systems and have an overview of the read parts, and all the access which are, right now, more visible and it allows us to act faster. Also, based on Okta's global network, we are able now to see threats, which other customers probably see, and we can protect before we face them.

Nima Attarzadeh: As mentioned earlier, customer journey and satisfaction is the high priority for us. And with Okta, we have the possibility to continue focusing on that as Okta is taking care of the security and identity lifecycle management for us, and also providing the security and single sign on state-of-the-art user experience. We still can provide both services and make sure everything is available and secured. Based on the automation and lifecycle management providing by Okta, we're able to reduce the internal effort and reduce the costs as the services, like Password Reset Management, the onboarding process, and offboarding process, and many more services which are in the back without any additional internal effort.

Nima Attarzadeh: Based on the centralization and also the simplified complexity approach by Okta, we're able to harmonize and standardize our infrastructure, and also proceed with our IT strategy, and go further with a cloud strategy. Our value is to persist in innovation, commit to customer, colleague, and deliver trusted results. Therefore, we need to ensure we are working with reliable and trustful partners. And with Okta, we have a partner where we can rely and trust on. Thank you very much.

Sonali Singh: At this point, was talked about what lifecycle management is, we've seen a demo, and we've heard from one of our current customers. But I'm sure you must be wondering, "What's next? What else can I do?" Well, in the spirit of Okta's mission to connect everything, here's a preview of the next level of lifecycle management.

Sonali Singh: I'd like to introduce to you Okta Workflows, which enables customers to build identities and treat business processes without writing any code. If workflow starts with a trigger or an event, something like when this happens. Next, you can add some logic, like if this, then that function. And say I want to go deeper and perform an action within an application, like assign a territory within my Salesforce app. I can go ahead and add that. And to tie it all together, finally, I want to chain all of these actions and, at the end, send the update to my Slack channel, and to my user, welcoming them to the group and letting them know what's going on. I can finally add that piece. So Workflows really helps us chain all these pieces together with a few clicks.

Sonali Singh: And if this is something that you're interested in, definitely be sure to check our workflow session out at 1:00 PM today. With that, I'd like to pass it back to Sarah to wrap us up.

Sarah Farnsworth-Kumli: Fantastic. That was a great plug for our Workflows session. But bringing it all the way home, simplifying lifecycle management to its core. It's going to provide very clear joiner, mover, leaver paths, and all you have to do is click a checkbox to enable those creates, updates, and deactivates, making it very easy to provision accounts to applications. You saw us now not only walkthrough the demo, helping you automate the full process. And with that, I wanted to thank, Nima, so much for joining us, as well as all of you for this Lifecycle Management 101 session. Hopefully, we've learned a lot. And if you want to learn more, as another plug to throw in at the end, we have Workflows for Lifecycle Management at one o'clock today, as well as Human Resources as a Master, exactly to what Nima was speaking to at 2:00 PM today, both of those Pacific Time.

Sarah Farnsworth-Kumli: Thank you all so much for joining us.