Okta Domain Change From Old to New
Publish Date: December 8th, 2022
As organizations grow over time, they find that they have purchased a new organization or rebranded with a new domain name. Successful growth introduces the need to merge users from a historical domain or system to the current domain. A task such as this doesn’t come without complications. Many moving parts can lead to analysis paralysis, such as updating user information within multiple systems, such as identity providers, email solutions, day-to-day applications, etc. The organization's technical teams may start to wonder how to accomplish this task without user disruption or catastrophic loss of access that may halt the organization's work.
The Iron Cove Solutions consulting team was challenged in helping establish the process to automate the domain name change from a historical multi-domain organization to a singular domain. Along with documenting the proper order of operations, the customer wanted to ensure user information was updated to all applications accessed by the user where supported. User access to applications should not be affected during the domain migration process. Finally, we only had a limited window to apply the changes across 25+ business-critical apps.
What we solved and how it was received ex: We reduced the number of manual steps and completely removed the dependency on a manually maintained spreadsheet. User onboarding no longer required weeks of coordination.
All users placed under singular domain which no longer required administrators to determine which historical domain was required for the user. Reduced number of application instances within Okta due to the removal of historical domains and placed all users within a single application instance. Assisted organization in updating on-boarding and off-boarding steps.
How we solved the issue or what we proposed leverage actual features of our products. Solution ex: Sync user profile data to Okta Universal Directory and integrate birthright apps with Okta Workflows Console. Build automation to run during key events, such as:
- Monitor the first day of work attribute and send user activation 24 hours before the start date.
- Notify IT of a failed provisioning event and stop all flows
- Notify department team leads of new hires when they activate their account
Update user profile data within Okta Universal Directory and integrate applications with Okta Workflows. Users are to be updated in batches based on a users geographical location/priority. Monitor and notify organization administrators of failed user updates.
- Having a robust Okta profile helped us build our role to access mappings
- Review and verify appropriate app licenses to enable API, and SCIM features are available.
- Fine-tune workflows after the initial launch, and make backups of work flows before changing them.