Identity management technologies mean you can say “yes” more easily.

Since I went to Okta's conference a few weeks ago, I've been thinking a lot about identity management, provisioning, and the idea of users and business units choosing their own cloud apps. All the interesting developments in this space can be illustrated in a few anecdotes.

Since I went to Okta’s conference a few weeks ago, I’ve been thinking a lot about identity management, provisioning, and the idea of users and business units choosing their own cloud apps.

All the interesting developments in this space can be illustrated in a few anecdotes (Bear with me, I’ll tease out some conclusions at the end.)

Anecdote 1: Okta and provisioning

At Oktane, one of the big themes for Okta was automatic account provisioning. Automatic provisioning isn’t the easiest thing to do. (SCIM and SAML can be used to automatically provision accounts in cloud services, but Okta said they also do a lot of manual integrations with ISVs’ provisioning APIs. At the show they also launched a new provisioning SDK for ISVs, and currently they support provisioning in about 75 different apps.) However, once provisioning is available there are a lot of benefits. First, there’s the security and peace of mind that comes from automatically being able to deprovision users. Second, there’s convenience. In a keynote session, Okta customers talked about how automatic provisioning makes it a lot easier to say yes when business units ask to use different cloud apps, since it saves all the time it would take to set up users manually. (See the Day 2 Keynote video on this page, from 42:00 to 51:30.)

Anecdote 2: BYO Apps

A few months back, I wrote that users bringing their own apps (and the potential ill effects) aren’t as big of a problem as they used to be. There were a few reasons for this, but one of them is that a lot of productivity app startups are now providing enterprise options, with all of the appropriate management controls.

Anecdote 3: Dropbox and user capture

After the recent Dropbox Open conference, I was reminded about their strategy to get users hooked on a great consumer product, and then get companies to adopt Dropbox for Business or Dropbox Enterprise. Dropbox even has even have an “account capture” feature that can migrate existing accounts into Dropbox Enterprise.

Anecdote 4: Having tons of cloud apps

Last week a friend was telling me about how their company uses Jive, Jira, Google Drive, Slack, Confluence, Flowdock, Workday, Workfront, Webex, and many other cloud services. The company isn’t that big, but it’s hard to find things because they have to look in so many places, and it’s hard to collaborate across departments. They do use an identity management service, so at least it’s easy to get into everything. The friend wondered how much money the company had spent, since many of the services overlap each other.

What can we conclude?

Let’s look at what conclusions we can draw from these anecdotes. (I told you I’d get to a point!)

We can all agree on the benefits of federation and single sign on; now the next important step will be automatic provisioning integrations. Of course in reality SSO for cloud apps is still a long way off for many companies, and provisioning will be further.

Regardless, these technologies are key for reigning in all the new cloud apps that business units want to bring into companies. They make employee choice and BYO app into more of a reality by reducing the friction and overhead for IT. Account capture tools that bring rogue users and services into the fold could easily become the next important part of this trend.

Companies will still have to put thought into what services they want to pay for. For example, there is the whole issue of individual teams using their favorite services versus enabling collaboration across the whole organization. (And there’s still an issue of what happens when a company says no, but a small group wants to use a service anyway. Are we right back at where we started?)

The bottom line, though, is that automatic provisioning (on top of other identity management concepts) means that the choice of apps becomes more of a business decision and less of an IT decision.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Great article and thanks for sharing your ideas. This article helped me think of somethings I can do in my organization


Great food for thought around automatic provisioning integrations....!  Thanks much


We use Okta. Great product.


Reading articles like this remind me of how great it is to be using a product that is so cutting edge, and continues to improve month after month.


Using Okta for 1 year now. Its awesome!


Fantastic product been using it for a year now could not live without it.


Thanks for sharing your insight! I'm happy to see Okta getting the credit and acknowledgement they deserve - they're a lifesaver!


We've already seen employee embracing the freedom that comes with single signon and cloud based applications. Okta makes the single signon bit easy.


I've been using Okta for several years now and can't imagine the work day without it.


Okta is essential in trying to move IT further into your org's "front of house." The increased usage of cloud apps and BYOD becoming more common means that IT needs to think of themselves as business and productivity enablers and, hopefully, drivers.


Okta streamlines everything and it all just works. Love it.


Okta has been a great tool for us!


awesome read!


NIce article...this helps to talk to executives

Taking business decisions off of IT is always a good thing. Allowing people to do their work and not interrupting them saves so much hassle.
Nice comments - still relevant almost a year later.
Okta is the best SSO solution.
Great food for thought. 
The options you get with Okta is what drives our team to use it.