We're Hiring:

End to End Automation & Auditing

Centralized Deprovisioning

Whitepaper

Three Ways to Integrate Active Directory with Your SaaS Applications

Download

The inability to remove application access when a user no longer requires it can be detrimental from an identity management standpoint, and it can have security and business impacts to your organization. Okta automates the end-to-end deprovisioning process for easy identity management including:

Automated End-to-End Workflow

User deactivation is typically triggered from a corporate identity store such as Active Directory. When a user is deactivated from AD, users are automatically deactivated within Okta and a deprovisioning workflow is kicked off to de-provision the user from downstream applications.

The workflow generates a notification to administrators and guides IT to complete any necessary manual identity management tasks associated with a particular user or application.

Identity management deprovisioning task list

Identity management deprovisioning task list

Deprovisioning Task List

As part of the deprovisoning process, some accounts need to be manually removed from the application directly. Certain accounts might be shared or used as a personal level. Okta creates a deprovisioning task list as part of the workflow that covers all outstanding users and accounts and ensures that all actions are clearly recorded.

Identity management audit trail and report

Identity management audit trail and report

Deprovisioning Audit Trail & Report

One of the biggest concerns related to deprovisioning is having the ability ensure and record that all administrative actions were taken and that users no longer have access to critical business systems. Within Okta, the entire audit trail is captured for reporting and audit purpose so that you can easily generate historical deprovisioning reports over time by user or by application.

Active Directory Integration

User deactivation is typically triggered from a corporate identity store such as Active Directory. With Okta’s Active Directory Integration, deactivating a user in AD initiates a deprovisioning workflow immediately to ensure maximum effectiveness in preventing rogue access.