This case study covers Okta and HR as a Master with Workday as the Single Source of Truth. This Project was completed for a firm based out of Austin, TX who engaged Iron Cove Solutions for Okta Profile Mastering.
Challenge for Workday as Master with Okta.
After the completion of Phase, we moved to Phase 2 for this project for a seamless Profile Master update to have Workday synchronize all user profile changes. The goal was to have the Workday update and then sync downstream to their local Active Directory environment.
The business goal is for HR and IT to automate the on-boarding and off-boarding of workers, contractors, and privileged access users based on their Workday profile status and worker status.
A large company based out of Austin, TX, with 2,000 employees, has two identifiable sets of workers -Federal or Public- within their Workday cloud application. They wanted worker profile updates to sync to separate Active Directory instances and two separate Okta instances from the One Workday instance.
Manual onboarding of employees, contractors, and partners takes an enormous amount of time. The whole process can take several days. When a business has to manage a large scale of employees, this can become a considerable cost to the business bottom line.
Typical approaches for onboarding lead to low productivity, inaccurate data, and significant security risks. According to the Okta survey, 73% of IT departments have a hard time of keeping track of individual identity and permissions.
WorkDay Lifecycle Management
Key Project Phases for Implementation
|Active Directory Analysis
|SaaS Appliation Deployment
|Workday-Active Directory Relationship
|Workday to Okta to AD Deployment
Phase A Active Directory Analysis
- Data Review
- Confirm Installation Okta AD Agents and IWA Apps
- Okta/Workday Profile Mapping Attributes Design (Okta Expression Language)
- Matching and connected.
- AD Security Groups
- Analyzed and Understood should be defined.
- W/in Application Assignments
Phase A Goals
- WD and AD attribute match and align.
- WD and AD attribute lifecycle testing. Patrick = Pat or Sue=Susie
- Security Groups for Application Assignment
- AD Security Groups to be defined.
Phase B Workday Analysis/Implementation
- Understand WorkDay Implementation
- Review with WD Owners
- Confirm lifecycle process today
- Trigger Events (New Hire, Transfer, Termination)
- WD Profile and Attributes
- The critical areas of focus on are those attributes which IT and business owners leverage for application provisioning and authorization.
- What role do groups play today?
- Do they want to sub out Okta groups for Workday Groups?
- Any new changes of membership have to come from WD, not Okta or AD
- What kind of help do they need there?
- Standards – Naming Conventions
Phase C Workday-Active Directory Relationship
- Relationship of Workday and Active Directory (LCM)
- Events and Triggers
- Example: when should an AD user record be created, updated, and/or disabled.
- What AD attributes are mapped to Workday user attributes?
Goal and Work Flow Achieved
- Workday as the Master
- HR is now running deployment of cloud applications.
- Active Directory
- Recieving, Changing all in synchronization.
- LCM (Lifecycle Management)
- Iron Cove Support
- Standard Meetings
- Trouble Shooting
- Planning and further adoption of Okta Adaptive MFA.
Workday to Okta Solution
What Okta solves with HR as a Master!
Okta Lifecycle Management will connects your HR system, in this case WorkDay and IT resources to automate onboarding and offboarding in a modern, seamless, and secure way. Watch this video. Okta see's a 76% increase in IT productivity and management cost savings. Some organizations see a 90% reduction in password reset request.