Stage 2
Outgrown SSO
Okta or Entra is live and it covers maybe a fifth of your stack. The rest, the apps without SCIM, the internal tools, the contractors, is still manual. This is where identity work actually concentrates, and where SSO stops helping.
This is you if
- SSO covers only part of your apps
- Half the stack has no SCIM
- Access reviews are still a spreadsheet
- A SOC 2 or ISO audit is on the calendar
Who this is for: Head of IT with SSO live and a growing app sprawl.
The path
- 1Have you heard of the SCIM tax?Field noteWhy so much of your stack is ungoverned, and the pricing pattern behind it.
- 2After Okta, the work that's just startingPlaybookWhat SSO handed you, and the gap it leaves the moment it goes live.
- 3Provisioning non-SCIM apps, without the ticketsPlaybookHow to automate the apps SCIM cannot reach. This is the core of Stage 2.
- 4Stay on Okta SSO, add governance on topPlaybookKeep your SSO. Add the governance layer it was never built to do.
- 5User access reviews, finally with teethPlaybookTurn the rubber-stamp spreadsheet into a review that actually catches things.
- 6Governance theaterField noteHow reviews pass audits while ex-employees keep their accounts. Avoid the trap.
- 7Iden vs Okta Identity GovernanceComparisonWhere Okta's own governance stops, and what fills the gap, in plain comparison.
When you're done
Govern the 80% of your stack SSO cannot reach, and run an access review that would survive an audit.
See how Iden does this