Publish Date: May 8th, 2019

Business Situation

This case study covers Okta and HR as a Master with Workday as the Single Source of Truth. Project firm based out of Austin, TX engaged Iron Cove for Okta Profile Mastering.

Challenges

Phase 2 project for seamless Profile Master update to have Workday synchronize all user profile changes. Workday updates would then need to sync to local Active Directory environment.

The business goal is for HR and IT to automate the on-boarding and off-boarding of workers, contractors, and privileged access users based on their Workday profile status and worker status.

Customer Profile

A large company out of Austin, TX which has two sets of workers, Federal and Public, for their business. They wanted profile updates to sync to separate Active Directory instances.

Manual on-boarding of employees, contractors, and partners takes an enormous amount of time. The whole process can take several days. When a business has to manage a large scale of employees, this can become a considerable cost to the business bottom line.

Typical approaches for on-boarding lead to low productivity, inaccurate data, and significant security risks. According to Okta survey, 73% of IT departments have a hard time of keeping track of individual identity and permissions.

Benefits

WorkDay Lifecycle Management

Key Project Phases for Implementation

Phase WorkDay Okta
A Active Directory Analysis Apps Analysis
B WorkDay Analysis/Implementation SaaS Appliation Deployment
C Workday-Active Directory Relationship Rollout Considerations
D Workday to Okta to AD Deployment

Phase A Active Directory Analysis

Questions Required/Answered:

  1. Data Review
  2. Confirm Installation Okta AD Agents and IWA Apps
  3. Okta/Workday Profile Mapping Attributes Design (Okta Expression Language)
  4. Matching and connected.
  5. AD Security Groups
  6. Analyzed and Understood should be defined.
  7. W/in Application Assignments
  8. Testing
  9. Confirmation

Phase A Goals

  1. WD and AD attribute match and align.
  2. WD and AD attribute lifecycle testing. Patrick = Pat or Sue=Susie
  3. Security Groups for Application Assignment
  4. AD Security Groups to be defined.

Phase B Workday Analysis/Implementation

  1. Understand WorkDay Implementation
  2. Review with WD Owners
  3. Confirm lifecycle process today
  4. Trigger Events (New Hire, Transfer, Termination)
  5. WD Profile and Attributes
  6. The critical areas of focus on are those attributes which IT and business owners leverage for application provisioning and authorization.
  7. What role do groups play today?
  8. Do they want to sub out Okta groups for Workday Groups?
  9. Any new changes of membership have to come from WD, not Okta or AD
  10. What kind of help do they need there?
  11. Standards – Naming Conventions

Phase C Workday-Active Directory Relationship

  1. Relationship of Workday and Active Directory (LCM)
  2. Events and Triggers
  3. Example: when should an AD user record be created, updated, and/or disabled.
  4. What AD attributes are mapped to Workday user attributes?
Solution

Goal and Work Flow Achieved

workdayflowokta

  1. Workday as the Master
  2. HR is now running deployment of cloud applications.
  3. Active Directory
  4. Recieving, Changing all in synchronization.
  5. LCM (Lifecycle Management)
  6. Iron Cove Support
  7. Standard Meetings
  8. Trouble Shooting
  9. Planning and further adoption of Okta Adaptive MFA.

What Okta solves with HR as a Master!

Okta Lifecycle Management will connects your HR system, in this case WorkDay and IT resources to automate onboarding and offboarding in a modern, seamless, and secure way. Watch this video. Okta see's a 76% increase in IT productivity and management cost savings. Some organizations see a 90% reduction in password reset request.


Phone & Hours

(888) 959-2825
Monday-Friday: 9am to 5pm

Address

8117 W. Manchester Ave
Suite 915
Playa Del Rey, CA 90293