How Okta Users API Enables Truly Agile IT and People Ops

Large companies often deal with complex org structures that challenge both their IT and People Ops teams. We see, for example, large customers composed of multiple, independently-managed business units or regional offices operating independently from one another. These organizations face heterogeneous regulatory environments and tend to make independent technology acquisitions across regions or organizational units; however, parent organizations still need to maintain a certain level of oversight and control.

We also see many of our customers growing very quickly—whether expanding internationally or via mergers and acquisitions—which pushes them to evolve and adapt how they operate across different markets and industries. In all of these scenarios, managing user identities across disjointed environments requires a consistent and cohesive approach. But consolidation within this kind of environment can be incredibly difficult. 

These customers often need to pull and consolidate custom user information across different organizational units and disjointed systems of record, a manual, time-consuming task that often falls on the IT admins. 

Most Okta customers use Universal Directory (UD) as their Central Identity Management control plane. This helps customers manage all user identities within the organization, employees, partners, contractors, and even your customers and user groups — whether created in Okta or imported from a third-party system. 

We have invested in making UD perform at the scale and pace that global business demands today. And earlier this year, we announced User Types, which enables customers to organize 3 key elements:

• Create multiple clusters of users based on specific attributes
• Segment users to allow the mapping of user access rights
• Extract useful information about different user groups 

But that still wasn’t quite enough. Our customers tell us they need to extract custom user information in a faster, more efficient, and scalable way. 

This is where the Okta User API comes in. This feature allows customers to return critical user information from any source of truth, whether that’s Okta or a third-party directory. We are making our Users API more flexible to allow customers to pull user information—without the need to always return the users’ credentials, which we call the “credentials object”. Pulling user credentials accounts for 80% of the processing power needed to return a full user object, regardless of whether this information is needed. With this update, admins can pull valuable user information from any source in a fraction of the time it used to take. This allows them to streamline people and IT ops to support critical business goals. In testing, this capability delivered 5x more requests per minute.

Our long-term aim is to make this the default behavior in our Users API. So that, when pulling user information, there’s no need to create custom configurations to exclude the credential object. But admins can always broaden their query to pull credential information when required. 

Intrigued? Check out this step-by-step guide on how to omit unnecessary user data and achieve higher performance using the Okta User API.