How to Provision and De-Provision
users within Okta
Author: Shaq Duffus-Gordon
Release Date: 05/07/2023
How do you Provision an Un-Provisioned user?
The benefits of provisioning with Okta are that Okta can create/read/update accounts for all users and can remove accounts when users get deactivated. Provisioning can also save time when setting up new users and teams and can be useful to help manage privileges for the users. You can create accounts inside external applications and then import them into Okta or vice versa from Okta and then push the accounts into any application that is integrated with Okta.
Other benefits of provisioning include things such as using Okta to create and assign user names, profiles and permissions and connect users’ accounts to a single user account within Okta, Also able to generate reports and audit trails to determine where changes are needed for efficiency.
Users that are assigned an app before the provisioning is enabled for that specific app are not automatically provisioned. Once provisioning has been enabled within the integration with the app, these un-provisioned users can be manually provisioned with the following steps:
- Go to the admin console within Okta
- Select Applications
- From the drop-down select Applications
- Enter the name for an app integration in the search field
- Click the app integration name within the search results
- Go to the Assignments tab,
- Select people in the Filters list
- You can see which users are unprovisioned as they are marked with a red exclamation mark icon
- Click Provision user, and then click “OK” in the following pop-up
How do you De-Provision a user?
The benefits of deprovisioning with Okta are that your organisation will have an improved security profile due to access to applications and content being removed from past users. De-provisioning a user can be done automatically and with this, it removes their access from any app assigned to them, De-provisioning is also important for compliance in regards to helping maintain an accurate count of users for applications. You can de-provision a user directly from within Okta, Organisations have policies to keep de-provisioned accounts active just in case they need to be restored
When you deactivate a user in Okta, it de-provisions the user from the apps assigned to them. If the user gets reactivated after deactivation, the apps previously assigned are reassigned to the user’s accounts.
The steps to de-provision a user’s account are as follows:
- Go to the admin console within Okta,
- Go to Directory then People,
- Either search for the user by scrolling or in the search field enter the user name
- Click the user’s name
- Click More Actions then Deactivate
- In the pop-up, click Deactivate