We rely on Okta as our directory service, not an external LDAP or Active Directory. We consider Okta our “directory of truth” for users since we are a SaaS company ourselves and use apps in a SaaS first mentality with over 50 applications behind Okta and growing at our organization.
When it comes time to user de-provision an employee, Okta is still a manual process for IT. Someone must go clear user tokens and deactivate or suspend the user. We already use Automation Workflows to auto-suspend accounts that have not been active for a certain period of time. It would remove the human element and human error in missing an employee termination if once IT is notified by HR, for example, Tuesday at 10am of an employee termination that will occur that Friday at 4pm, IT could hop into Okta and setup an Automation Workflow to clear user tokens and deactivate or suspend the Okta account automatically that Friday at 4pm. Timezone can be UTC, EST, PDT, whatever honestly, and we can handle translating so that it occurs at the correct time for the location of the employee.
We love Okta, and this particular feature would allow us to keep Okta in the front line for us. Otherwise we have to rely on another system managing Okta for us to get this type of feature, and we just… don’t wanna