- Discovery and Define
- Review and Testing
- Fine Tuning
Discovery and Define
Our primary goal is to define the expectations of your Okta integration. As this is an infrastructure change are you considering Okta for:
- Multi-factor Authentication (MFA)
- Life Cycle Management
- User Account Self-service Recovery
- Integration of SaaS apps
- User Profile Management (Universal Directory)
Questions to Consider
- What security goals can Okta meet?
- Where do your user's cloud identities exist?
- What profile information is required today by your org?
- How have you introduced other cloud services before?
- Were there any challenges with user adoption?
- For applications, have you verified accessibility in Okta?
- Search for your cloud apps
- Are there custom apps you're trying to integrate?
- What challenges have your admins or end users faced with managing cloud identities?
We assist in a full implementation of the defined objectives. This phase allows us to implement Okta to meet your management and integration requirements. Whether it be adding MFA, Security and Sign on Policies, or integrating with your existing directories; Iron Coves certified technicians will guide you every step of the way.
As we complete our discovery, we move into the configuration of Okta for administrative testing.
- Review the Okta Admin settings and perform org configuration.
- Implement existing directories into your Okta org.
- Configure User profiles and groups for admin management.
- Stage your SaaS apps for SSO enablement.
- We'll gather the requirements to complete the SSO integration and plan for production integration.
- Configure and implement Security policies for sign on and password management.
- Define User self-service features for account recovery.
Questions to Consider
- Will users be hosted in Okta or an external store like Active Directory or LDAP?
- What is the current login flow for SaaS apps?
- Is MFA required as part of login flow?
- What is the account lifecycle for in scope users?
- Do we want to test in a preview site with isolated apps?
Review and Testing
Before introducing Okta to your team, we'll perform non-intrusive testing to determine the security and sign-on flow designed. A pilot group made of your expected Okta users should be brought in at this stage.
During this phase we review:
- SSO flow process. Okta supports two key authentication methods
- Okta's Secure Web Authentication (SWA)
- Federation (supporting SAML or another proprietary federated authentication protocol)
- Security and Sign on settings per group
- For Life Cycle Management
- User profile requirements per SaaS apps
- User provisioning and deprovisioning flows
- User licensing (if supported by app)
- User Account Self-service Password features
As your familiarity and comfort level grows with Okta administration we'll redefine any functions and process based on your feedback.
Once adjusted we'll return to testing until your Okta org meets production readiness.
Questions to Consider
- Was the sign in flow what users expect?
- Did users have trouble creating their profile?
- Was there a challenge with MFA setup?
- Did application access work as expected?
- Do self-service features need to be redefined?
Okta Enablement and Go-Live
The final stage of our workflow has us plan for dates and times to enable your production-ready applications. We'll guide you through our best practices and considerations for introducing Okta to your entire organization.
Our goal is to ensure that user adoption and understanding of SSO has been sufficiently communicated and lend ourselves for any support needs.
During this phase we complete:
- Application integration for SSO
- Enablement of MFA and Security policies
- User provisioning and Life Cycle Management processes
- Perform a full org review of the current Okta settings
- Provide a before and after Identity Provider design
|Service||Iron Cove Responsibility||Client Responsibility|
|Define requirements and identify data to be migrated (active/passive data)||Assist - Advisory||Primary|
|Defining data migration tasks and timelines||Primary||Primary|
|One approximately two-hour remote training on admin features||Primary||Assist|
|One approximately two-hour remote training on end-user features||Primary||Assist|
|One approximately two-hour remote training on best-fit folder structures, sharing and permissions structures in cloud service.||Primary||Assist|
|Support designing and implementing desired for the cloud service structure and permissions||Primary||Assist|
|Support confirming completion of data migration to cloud service.||Primary||Assist|
|Remote support and issue resolution while data migration project is in process||Primary||Assist|
Faster cloud adoption is better when utilization is 100%. While deploying web services for the cloud, we give a lot of emphasis on reducing response time to enable a smooth voyage for users to cloud services. We understand that just deploying on the cloud is not enough; we need to implement it in the right manner to give a better experience to your users.