Smooth first day access for employees with Okta

You show up excited for your first day at work at a new company. You are greeted by your manager, and you get to say hello to all your new colleagues. Everything seems to be going well and you finally get your computer that has been prepared by IT and you are eager to start your new journey. You open the lid and start your computer and you are immediately prompted for your password. So, what is your password?

You have never logged in to this computer before and your account has been created by someone else so what do you do? It turns out that the IT department forgot to give you the paper with setup instruction that includes your initial login details. Satisfied that you have cleared the first obstacle in your new role you return to your desk to try with the new credentials on the paper, you enter the password, and you see the message "The username or password is incorrect. Try again.". Once again you return to the IT department, and they check what happened with the account they see that the password was changed after the initial creation of the account, and they change it once again and write it down for you. Finally, you are ready to start working.

The problem

In the scenario above there are multiple issues for the end-user, but also from an organisational perspective. To avoid going back and forth to IT we usually see that companies are setting a "first-day password", which basically means that they have a standard password for all new hires. This is a big flaw since we know that this won't get rotated and once you know about it anyone with the password can log into this account. Apart from the security problems with this solution, the time wasted on this by the new employee and your precious IT-support staff, it also results in a bad end user experience. And how would an organisation like this solve remote onboarding?

Don't worry, there is a solution

Enter Okta. Okta is the leading Identity and access platform on the market, supplying frictionless SSO and MFA for end users. Okta also handles the identity lifecycle, for example onboarding. Using Okta, it is possible to send out an activation link on a new employee’s first day, directly to their personal email. This allows the end-user to set their own password before they try to log in to their computer. This can be applied with any of the popular Mobile Device Management (MDM) platforms, like Jamf, Intune or VMware Workspace ONE. You can decide on what level Okta and your MDM will work together. Even if you are not federating to Okta from your MDM, it is still possible to allow the user to set a password that is immediately synchronized and updated in your Identity and Access Management (IAM) platform. The even better scenario is when you are federating to Okta because then you are allowing the user to enrol any additional factors before they try to log in for the first time.

The user experience becomes a lot different when they can login directly with the credentials that they just set to the new computer that they have never started before. There is no need to talk to IT because the end user is in control of credentials from step one. So, no matter if you are using Okta as a lifecycle management tool or if you are leveraging Okta for Single Sign-On (SSO) you have the option to make the first day a lot easier both for the end user but also from an organisational perspective, since there is no dependency on assistance from the IT department.

To sum it up

The most common comment we get when suggesting this idea is that we are sending out an activation link to an account that the organisation does not control. To solve this, we ask the manager (or HR-staff, depending on your organisations' processes) to confirm the new employee’s email address before they start. Usually, you need to confirm some other things anyway, which makes this an easy question to ask at the same time. Also, we most likely have the correct email address since it is the one that is being used in the recruiting process and we should have no issues sending out a one-time activation email.

From our experiences of implementation and consulting services regarding identity solutions, the ability to make something more convenient can have huge benefits in terms of efficiency, allowing your IT department to focus on more critical issues rather than such repeatable processes like helping new hires on their first day. The other win is to get your new employees up and running with the lowest amount of friction possible and you can continue with other onboarding processes more focused on your core business.
Your new employee being able to access all their applications directly from Okta after this smooth onboarding process is just a bonus!