BrianR.50917 (Customer) asked a question.
Onboarding - Allowing Okta account setup without access to applications until after start date
Hello,
New Okta user here. As a part of our onboarding process we are looking to drop ship equipment to our new employees and have them setup their account however not be able to use any of the assigned applications until after their start date.
Is there a recommendation as to the best way to handle this? I'm thinking about triggering on their start date field however am not sure where best to execute this within the platform.
Thanks in advance for any responses
Are you using Okta (and the groups and assigned apps within) for provisioning? Or just access control/federation?
If you need to add them to the groups & apps for provisioning purposes in advance of start, but still do not want them to have access to anything (look but cant touch), you could look at applying policies to the apps themselves based on another group membership.
If member of 'pre-hire users' group, access is not allowed. You would need to apply the policy to all Apps that are assigned to the new hires. The app tiles will all be greyed out for them, but they're still technically assigned to them and I would think any workflows and provisioning would/could take place. On their start date, remove their membership in the lockout group. (I don't use LCM, so take the theory with salt)