Okta admins can now schedule the suspension of an Okta mastered account on a specific date (down to the second). On the configured date, Okta will automatically suspend the user's Okta account, preventing the user from authenticating to Okta. Note that suspending a user is different from deactivating a user, which removes access to the app and triggers deprovisioning flows (if configured).
This feature enables Okta admins to better manage the lifecycle of non-employee accounts, such as contractors. Unlike employee accounts whose lifecycles are tightly governed & mastered by an authoritative source such as AD or HR, non-employee accounts generally have fewer controls. Specifically, their onboarding and offboarding processes aren't managed by the same authoritative source(s). Consequently, it's common for non-employee accounts to get created and persist long after they're needed. This feature solves that problem by cutting access on a specific date (e.g. on the last day of the contract).
Disclaimer: Any customer can evaluate this feature during beta. However, when it progresses to Early Access/General Availability, only customers who have bought Universal Directory will be able to use it.
- Admins can schedule suspension dates by importing a CSV (useful for batch scheduling)
- Admins can view upcoming suspensions within the next 30 days
- The System Log captures event details when 1) a suspension is scheduled and 2) a suspension occurs
- Only works on Okta accounts that are not mastered by authoritative sources (AD, LDAP, HR, etc.)
- Okta guarantees that the account will be suspended within an hour of the scheduled date/time
I'm in! How do I get started?
Currently, only Okta PREVIEW environments (*.oktapreview.com) are eligible for this feature. If you do not have a preview environment, you can sign up for a free developer tenant at https://www.okta.com/developer/signup/.
To enroll in this program, please sign up here: https://support.okta.com/help/OktaBetaProgramHome