We get asked many questions around the off and onboarding of users, using Okta. Is there a mechanism to disable apps managed by and disable access to enterprise apps like Office 365, Adobe Sign, and other cloud applications?
We can automate the offboarding process for most apps, but the most significant challenge is whether your Okta team has enabled these features in the out-of-the-box integrations.
If the app assigned to users supports auto-deactivation, we can ensure the feature is tested and enabled during the integration. For example, we did this for a large movie studio, and the company on Box wanted auto-off for Box.com users.
However, we noticed that sometimes offboarding isn't as easy as turning off an account. For example, in specific use cases, app owners or stakeholders will want to delay account deactivation days or weeks after a user is disabled. In others, we need to think about data transfer or reassignment of resources, etc. In this case, we recommend using the applications' APIs (assuming the app supports and has a resource library) and Okta Workflows to automate those use cases.
Users are assigned to verify whether Okta supports lifecycle management features or application API. Then, we would need to verify any unique use cases and build them out. With that done, we can move closer to automated offboarding vs. a manual written process, which can expose compliance and security.
If you want to learn more about us and work with the above, we recommend taking inventory of the apps within your business and contact us to scope out your on and offboarding process.