Three Ways to Integrate Active Directory with Your SaaS Applications
The inability to remove application access when a user no longer requires it can be detrimental from an identity management standpoint, and it can have security and business impacts to your organization. Okta automates the end-to-end deprovisioning process for easy identity management including:
User deactivation is typically triggered from a corporate identity store such as Active Directory. When a user is deactivated from AD, users are automatically deactivated within Okta and a deprovisioning workflow is kicked off to de-provision the user from downstream applications.
The workflow generates a notification to administrators and guides IT to complete any necessary manual identity management tasks associated with a particular user or application.
As part of the deprovisoning process, some accounts need to be manually removed from the application directly. Certain accounts might be shared or used as a personal level. Okta creates a deprovisioning task list as part of the workflow that covers all outstanding users and accounts and ensures that all actions are clearly recorded.
One of the biggest concerns related to deprovisioning is having the ability ensure and record that all administrative actions were taken and that users no longer have access to critical business systems. Within Okta, the entire audit trail is captured for reporting and audit purpose so that you can easily generate historical deprovisioning reports over time by user or by application.
User deactivation is typically triggered from a corporate identity store such as Active Directory. With Okta’s Active Directory Integration, deactivating a user in AD initiates a deprovisioning workflow immediately to ensure maximum effectiveness in preventing rogue access.