Connecting your HR system to Okta

Okta Lifecycle Management (LCM) helps organizations of all sizes streamline and automate end-to-end lifecycle activities. Customers who use an external Identity source, like a human resources (HR) management system, will connect it to Okta so that they can import and manage identities throughout their lifecycle in a single plane. Okta has a number of pre-integrated HR systems that facilitate automated provisioning and deprovisioning. 

But what if you’re using an HR system that isn’t pre-integrated? Or what if you need to use a CSV file as your source? Depending on the source of truth, this can be accomplished in various ways, which we will explore below.

CSV-as-a-Source

The CSV directory integration is a lightweight, out-of-the-box option that enables you to build custom integrations for on-premises systems. Your organization may be interested in this option if you want a quick deployment and your HR system can easily export a CSV file.

It doesn’t get more straightforward than this method. A CSV file must be generated from an HR system, like ADP, and then ingested into Okta using a provisioning agent. Once you import the identities, you’ll have the same functionality as if you were using a pre-integrated application, such as scheduled imports, attribute-level mastering, matching rules, and a rich profile of user attributes. 

Anything-as-a-Source and Workflows

Okta recently introduced Anything-as-a-Source (XaaS) to the synchronization lineup. As the name suggests, you can import identities from any source of truth into Okta and, as a result, use Okta as a single control plane for Identity and Access Management. This option will be a good fit if you’re looking to maximize no-code automation with Workflows as the middleware and its increasing number of templates.

The benefits of this new feature are numerous. First, you can unlock lifecycle onboarding with any system or any source of truth. This opens the door for many other popular HR systems used across the globe. Second, you can enable attribute-level sourcing from any application which can then be used to drive group rules or access certifications. Third, you can also take advantage of existing Lifecycle Management automations since this integration uses the sync pipeline.

 

Anything-as-a-Source and custom client

In some instances, XaaS APIs can work with a custom client, as middleware is required to connect the Identity source’s API with Okta’s API. Usually, organizations will work with the Okta Professional Services team to set this up and host it on their servers. Implementing a custom connector is the most resource-intensive of all the options but can be just as effective, as it’s built specifically for the organization’s use cases.

Partner connectors

Your fourth option would be to use an Okta partner connector. These SCIM-based connectors easily extend HR-driven IT provisioning to any cloud or on-prem HR application source or directory. This option is advantageous if you already have relationships with the partner for other connectors.

Okta and the partner connector work together to source various attributes, centralize them, and then grant or revoke access to other applications. Unlike the CSV method, with partner connectors, there is the opportunity to write attributes back to the original source.

Okta offers a variety of integration options so that you can have the freedom to choose the Identity source that is right for your organization. With this flexibility, you can bring in the user attributes that you need, sync at your chosen intervals, and carry out lifecycle activities, all directly from Okta.

| Option | Complexity level (1-5, easy to difficult) | Architecture | Solution Host | Agent Needed | Write-back Option |
| --- | --- | --- | --- | --- | --- |
| CSV-as-a-Source | 1 | CSV based | Okta | Okta on-prem connector agent | No |
| XaaS + Workflows | 2 | API based | Okta | No | No |
| XaaS + Custom Client | 4 | API based | Okta (XaaS API); Customer hosts the Client | No | Yes |
| Partner Connector | 3 | API based | Partner | No | Yes |

Contact your account representative or professional services to start connecting your Identity sources to Okta.