We recently partnered with Okta and Atlas Identity to deliver a no-code platform for automated Identity and Access Management (IAM) workflows. Our new Okta connector is particularly exciting, because it allows for a wide range of new and innovative business processes—like completely automating employee and partner onboarding and offboarding end-to-end, building identity-driven approval workflows, and being able to do Security Ops from Slack.
We’ve already highlighted how the Okta connector works and what you can do with it. But if you’re a tech aficionado, a consultant, or a developer, you’re probably more interested in how the connector was created, and in how you can use Workato to craft your own integration solutions.
One Developer, Hundreds of Custom Integrations
Stephen Williams, the founder of Atlas Identity, created the connector after spotting an opportunity to extend the value of Okta, which his company specializes in deploying. As specialists in cloud-based Identity and Access management solutions, Atlas Identity works with customers through the entire lifecycle, from requirements assessment through to delivery. Williams first realized the enormous value of combining cloud-based integration with cloud IAM after a client contacted him for advice on an unusual requirement. The client needed customer identity information from Chargebee to flow directly into Okta. Okta does not support Chargebee as an identity source, so Williams faced the undesirable conundrum of having to recommend the coding of a custom integration.
“In the IAM space, the need for application integration is very common,” says Williams. “I’ve personally built application integrations many times, as customers commonly have requirements that aren’t met by a product. And I thought, ‘Wouldn’t it be great if I could reuse these integrations, instead of working from scratch every time?’”
He explains that he didn’t know of any cloud-based integration solutions, so he started looking. After trying both Workato and Zapier, he decided that Workato was the solution he’d been searching for: flexible, quick to build, and well-supported. “I really felt it would solve the challenge I’ve experienced every single year of my career in IAM,” Williams continues.
Leveraging the Developer Portal and APIs to Create the Okta Connector
An IAM veteran, Williams made use of long-established connections to push his idea of an Okta-Workato connector. “As an Okta partner, we have a very good relationship with Okta business development and engineering teams,” he explains. “I could see the value to Okta, so I suggested building the connector, and it turns out they’d also been thinking about it for a while.”
When it came time to build the connector, Williams signed up for a Workato Partner account, which provided him access to the SDK and developer portal. Initially, Williams began by creating an Okta app. “I got to know the Workato SDK, and I played around with creating apps,” he says. “I was quickly able to integrate my apps with Okta’s API, which is easy to use and very well-documented.”
He explains that, in IAM, the acronym CRUD denotes those capabilities: to create, read, update, and delete a user. “To create a connector with those features, I needed to expose those capabilities with Okta.” Williams worked with the Workato engineering team to access the correct documentation. “Once I understood the syntax and coding approach, I created the ‘get Okta user’ functionality first,” he says.
Williams first tested the Okta API calls in Postman. “Once I had the right Okta API calls, I ported them across into the Okta connector within Workato. When you create a new Workato connector, there’s a great developer interface where you can make a change, test it, change it again, and test it again—until you get the result you want.” He then worked on using Okta to trigger more complex workflows, like using a new user creation event in Okta to trigger the changes within Box.com.
Throughout the process, Williams faced few challenges. “The biggest hurdle was that I trained as a Java programmer; so I’d never built anything with Ruby on Rails. Getting up to speed on the syntax was tough, but the Workato engineering team was very helpful. They gave me many examples of code to look at and dissect,” Williams says.
Agility + Reusability = Flexibility
Though creating a completely new connector sounds daunting, Williams says building out each functionality didn’t take too long. “A lot of it is template-based,” he explains. “I could call the API to fetch a user or group as soon as I had an example of triggering and fetching from Okta. The functionality is quite agile.” Williams recounts how he first demonstrated the functionality to Okta. “I took a one-hour train ride to Okta’s London office. In that hour, I coded and successfully tested a completely new action over and above the minimum they needed, as it was so easy to extend.”
For consultants like Williams and his firm, the Okta connector offers a wide range of benefits. Compared to custom code, it’s much easier to maintain the knowledge and skills needed to use Workato. “To use Workato, my organization just needs someone who can code in Ruby on Rails, because the Workato SDK is so well-documented,” says Williams. “You can just focus on understanding the customer’s unique needs, and you don’t have to manage their custom code long-term. You just need to be able to read the documentation and code in that language.”
The Okta connector also helps the businesses that use these integrations. “Customers enjoy greater flexibility,” Williams comments. “In the beginning, they might only need a few actions. But if they later need increased functionality, it requires such a small change to the recipe. In fact, any new functionality required may have already been built for an entirely separate customer that uses the same connector. With custom code, that would be a big, intricate change, and the customer would have to wait for the next release of that code that they solely use. With recipes, we can make the change in minutes, not weeks or months.” He continues, saying that companies also benefit from not being reliant on the one developer who originally constructed the custom code. “There’s no single point of failure; you really do get better maintainability.”
That’s important, he explains, because IAM has a cascading effect on downstream processes. “If you incorrectly code how to retrieve an employee’s job title, for example, they may get the wrong access or none at all. They won’t be able to work effectively and you may open up new security issues,” he says.
But the biggest benefit of the connector, Williams says, is its reusability. “Sometimes we get deja vu coding the same integrations in different languages for different customers,” he says. “Companies typically cannot share their integration code, so you have to keep starting from scratch. With Workato, we don’t have to create custom code for specific customers or contexts. I can build truly reusable solutions.”