Connecting your HR system to Okta
Okta Lifecycle Management (LCM) helps organizations of all sizes streamline and automate end-to-end lifecycle activities. Customers who use an external Identity source, like a human resources (HR) management system, will connect it to Okta so that they can import and manage identities throughout their lifecycle in a single plane. Okta has a number of pre-integrated HR systems that facilitate automated provisioning and deprovisioning.
But what if you’re using an HR system that isn’t pre-integrated? Or what if you need to use a CSV file as your source? Depending on the source of truth, this can be accomplished in various ways, which we will explore below.
CSV-as-a-Source
The CSV directory integration is a lightweight, out-of-the-box option that enables you to build custom integrations for on-premises systems. Your organization may be interested in this option if you want a quick deployment and your HR system can easily export a CSV file.
It doesn’t get more straightforward than this method. A CSV file must be generated from an HR system, like ADP, and then ingested into Okta using a provisioning agent. Once you import the identities, you’ll have the same functionality as if you were using a pre-integrated application, such as scheduled imports, attribute-level mastering, matching rules, and a rich profile of user attributes.
Anything-as-a-Source and Workflows
Okta recently introduced Anything-as-a-Source (XaaS) to the synchronization lineup. As the name suggests, you can import identities from any source of truth into Okta and, as a result, use Okta as a single control plane for Identity and Access Management. This option will be a good fit if you’re looking to maximize no-code automation with Workflows as the middleware and its increasing number of templates.
The benefits of this new feature are numerous. First, you can unlock lifecycle onboarding with any system or any source of truth. This opens the door for many other popular HR systems used across the globe. Second, you can enable attribute-level sourcing from any application which can then be used to drive group rules or access certifications. Third, you can also take advantage of existing Lifecycle Management automations since this integration uses the sync pipeline.
Anything-as-a-Source and custom client
In some instances, XaaS APIs can work with a custom client, as middleware is required to connect the Identity source’s API with Okta’s API. Usually, organizations will work with the Okta Professional Services team to set this up and host it on their servers. Implementing a custom connector is the most resource-intensive of all the options but can be just as effective, as it’s built specifically for the organization’s use cases.
Partner connectors
Your fourth option would be to use an Okta partner connector. These SCIM-based connectors easily extend HR-driven IT provisioning to any cloud or on-prem HR application source or directory. This option is advantageous if you already have relationships with the partner for other connectors.
Okta and the partner connector work together to source various attributes, centralize them, and then grant or revoke access to other applications. Unlike the CSV method, with partner connectors, there is the opportunity to write attributes back to the original source.
Okta offers a variety of integration options so that you can have the freedom to choose the Identity source that is right for your organization. With this flexibility, you can bring in the user attributes that you need, sync at your chosen intervals, and carry out lifecycle activities, all directly from Okta.
| | Complexity level (1-5, easy to difficult) | Architecture | Solution Host | Agent Needed | Write-back Option |
|---|---|---|---|---|---|
| CSV-as-a-Source | 1 | CSV based | Okta | Okta on-prem connector agent | No |
| XaaS + Workflows | 2 | API based | Okta | No | No |
| XaaS + Custom Client | 4 | API based | Okta (XaaS API); customer hosts the client | No | Yes |
| Partner Connector | 3 | API based | Partner | No | Yes |
Contact your account representative or professional services to start connecting your Identity sources to Okta.