For any government entity leveraging iChris for their HR and Payroll system, this article explains ways to integrate iChris with Okta for an HR-as-a-Master solution.
As companies look to adopt Modern Identity solutions such as Okta, one of the business requirements that is often discussed is: how can I automate my identity lifecycle?
Often this leads organisations down the pathway of HR-as-a-Master, or HRaaM for short. HRaaM is a process whereby all identity operations are sourced from your personnel data stored in a Human resource management system. This sourcing of data from HR is really an acknowledgement of the reality within many organisations - IT is often out of the loop about changes to personnel.
HR-as-a-Master provides a way for organisations to automate the identity lifecycle. HR has to keep staff members' information accurate for payroll and HR-related needs, and IT can leverage this requirement to improve the overall identity state within their organisation.
As the market leader in Identity and Access Management, Okta once again proves an innovator in this space. Okta’s Universal Directory is designed to bring data into a central location for visibility and then push this out to external applications. HR-as-a-Master is an obvious extension of this capability. Out of the box, Okta supports mastering from a number of leading solutions such as Workday, UltiPro, BambooHR & SAP SuccessFactors just to name a few.
Recently, Xello completed a custom Okta implementation of CSV Directory with the HRIS software iChris at a Government-based organisation. Throughout this implementation, we documented three lessons that will assist IT teams to integrate in the most risk-averse and cost-effective way possible.
#1 - Map your data flows
One of the things that can be really challenging when implementing HR mastering is understanding the associated data flows – Okta provides mapping detail between applications & itself, however understanding the follow-on flows from application to application is critical. Leveraging simple tools such as Microsoft Excel can be really useful in this scenario. It’s pretty simple to draw up a grid where you demonstrate flows between applications; this can even help you to understand if you need attribute level mastering.
Looking at the above example, it’s simple to see that our HRIS doesn’t store email addresses, therefore we create this on import to Okta and then push this to Office 365.
#2 - Ensure you protect your data exports
Working with HR data can often carry the risk of user exposure. A HRIS naturally stores sensitive information such as payroll data, personal addresses and personal contacts, so ensuring that you don’t inadvertently publish/export this data to your organisation is critical. To do so, we recommend configuring a static report that can only be administered by an administrator. If your HRIS supports configuration of backend reporting, this should be completed using a service account. This prevents HR team members from inadvertently deleting your reporting or modifying the service to send sensitive data out to Okta.
#3 - Master early and test everything
Okta Mastering is a really powerful tool; however, understanding the exact flows can be challenging. One thing that a lot of organisations struggle with is enabling mastering efficiently and visualising the implications. When implementing HR-as-a-Master, it is recommended to import your HR data immediately. More often than not, this dataset will function as the authoritative source for attribute information. Bringing this in early will enable you to slowly configure mastering as you leverage further applications, with confidence that your data is being correctly sourced from HR. Importing the HR data allows you to build detailed flows aligned to your business process.
It’s also important to understand the implications of each HR data source. For example, when dealing with CSV Directory, removal of a user from a CSV file will deactivate their Okta account and associated downstream applications. Bringing this in early allows you to test a full HR Managed flow and complete end to end testing using your HR data.
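The two risks described in #2 and #3 can be checked before each CSV file is handed to CSV Directory. The following is an added example, not code from this implementation or from Okta: it rejects an export that carries columns outside an allow-list and flags users whose removal from the file would deactivate their accounts. The column names, the 10% threshold and the sample rows are assumptions made for illustration.

```python
import csv
import io

# Assumed allow-list: the only columns the static HR report may contain.
ALLOWED_COLUMNS = {"employeeNumber", "firstName", "lastName", "department"}
KEY = "employeeNumber"    # assumed unique identifier column
MAX_REMOVAL_RATIO = 0.10  # assumed guard against a truncated export


def read_export(text):
    """Parse a CSV export into (header, {employeeNumber: row})."""
    reader = csv.DictReader(io.StringIO(text))
    rows = {}
    for row in reader:
        key = (row.get(KEY) or "").strip()
        if not key or key in rows:
            raise ValueError(f"line {reader.line_num}: missing or duplicate {KEY}")
        rows[key] = row
    return reader.fieldnames or [], rows


def check_export(previous_text, current_text):
    """Return a list of problems; an empty list means the file can be imported."""
    problems = []
    header, current = read_export(current_text)
    unexpected = sorted(set(header) - ALLOWED_COLUMNS)
    if unexpected:
        problems.append("columns outside allow-list: " + ", ".join(unexpected))
    _, previous = read_export(previous_text)
    # Users in the last export but not this one would be deactivated on import.
    removed = sorted(set(previous) - set(current))
    if previous and len(removed) / len(previous) > MAX_REMOVAL_RATIO:
        problems.append(f"{len(removed)} of {len(previous)} users would be "
                        "deactivated: " + ", ".join(removed))
    return problems


# Constructed sample exports (not real HR data).
PREVIOUS = ("employeeNumber,firstName,lastName,department\n"
            "1001,Ana,Lee,Finance\n1002,Ben,Ng,IT\n"
            "1003,Cy,Roy,HR\n1004,Di,Fox,IT\n")
CURRENT_OK = PREVIOUS + "1005,Eli,Kay,Finance\n"
CURRENT_BAD = ("employeeNumber,firstName,lastName,department,homeAddress\n"
               "1001,Ana,Lee,Finance,1 Example St\n"
               "1002,Ben,Ng,IT,2 Example St\n")

if __name__ == "__main__":
    for name, text in (("ok", CURRENT_OK), ("bad", CURRENT_BAD)):
        print(name, check_export(PREVIOUS, text) or "safe to import")
```

Running a check like this under the same service account that produces the report keeps the gate out of reach of day-to-day HR users.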
If you or your business are having difficulty with any of the above, especially leveraging Government based HRIS systems such as iChris, please reach out to us.