Here’s the scenario: You’ve finally implemented single sign-on (SSO) for your applications and connected your on-premise Active Directory with Okta. Your end-users are happy because they can quickly access their apps from anywhere and easily sign-on with their corporate laptop or other devices. Your business is happy because you’ve increased user productivity and reduced IT cost by lowering your administrative load.

But, one thing that could continue to add menial tasks to your administrative load is handling governance (access request, approvals, audit trail, reporting) for application access. In most corporations, proper governance is required for user application access. Fortunately, Dell Identity Manager Active Directory Edition (ADE) offers a unique and easy way to enable governance and access requests for your Okta environment.

With a smaller footprint (and cost) than full-blown Dell Identity Manager, Active Directory Edition (ADE) provides a full-featured AD group management and an access request portal for your users. The magic happens when we govern AD group membership with ADE. Users or managers can create access requests for Okta applications in ADE’s IT Shop portal. The request follows a preconfigured approval workflow, and once the request is approved, the user is added to the AD group and granted access to the application on the next Okta/AD sync.

This way, the business owners of the application can manage who has access to an application rather than your IT staff. Plus, we have full governance that will satisfy your corporate security and auditors.

You can also choose to present only relevant items to users (based on their groups) so that Engineers aren’t requesting Quickbooks access and accounting interns aren’t requesting access to Salesboom. This level of control reduces the administrative burden and keeps things simple for your users by not overloading them with irrelevant options.

In addition to the approval process, regular recertification can be scheduled so that only users who still need access to an application keep their access. If the application manager disapproves the continued access, the user is removed from the group. All of these approval and recertification requests are audited so you can easily produce reports on who has access, who granted access, when/why access was granted, etc.

And the best part: it’s all automated. No more manual management of your Okta users and applications.

Do you have IAM questions or problems? Not enough time or resources to create a solution? We’d love to hear from you and start on your custom IAM solution today. There are several different ways to get in touch with us, so pick your favorite and let’s start solving problems today.