You’ve just acquired Okta and have no idea where to start.

You’re ready to roll up your sleeves and start integrating applications, but wait! Your tenant is empty. If you don’t lay down solid foundations, you might regret it later.

Here’s what I would do if I had to start from scratch today:

Make Sure You Have a Profile Source

Okta is a powerful tool, but it’s useless without users.

There are many ways to create users in Okta, but in my opinion, the most powerful one is connecting a Profile Source.

There are tons of available options: Workday, BambooHR, Active Directory, LDAP, UKG, and more.

Connecting a source of truth from your HR systems allows you to sync valuable information automatically. This data can be leveraged later for workflows, group assignments, and more.

Tip for smaller companies: You can also use Okta Direct Input. While it’s not ideal and I wouldn’t recommend it, it can work if you don’t have other options — but treat it as a last resort.

Map Every Attribute You Can

Once your source is connected, it’s time to take full advantage of the incoming data.

Map every attribute you can, even if some seem irrelevant now. Trust me, you never know when you’ll need them.

Start with the essentials:

• team
• department
• location
• division
• manager
• office

The more metadata you collect, the more powerful your automations and policies will be.

Create Dynamic Groups

Now that you have user data, it’s time to put it to use.

Dynamic groups let you assign users automatically based on attribute-based rules. For example:

• HR Department
• Finance Team
• Barcelona Office
• US Employees
• IT Support

You don’t need to manually manage membership. Any changes in your source of truth will be reflected in Okta, and users will move in and out of groups automatically based on the defined logic.

Define Access Roles

You won’t be the only one managing Okta.

Set up access roles based on each person’s responsibilities:

• Read-only Admin
• Group Membership Admin
• Application Admin
• Super Admin (only if absolutely necessary)

This step takes a bit of time, but it’s worth it. Delegating access properly reduces risk and improves operational efficiency.

Define Authentication Policies

Security should always be a top priority.

Set up authentication policies tailored to your applications. Not all apps are created equal, accessing Salesforce is not the same as accessing Udemy.

I recommend:

• Enforcing 2FA
• Applying IP restrictions
• Restricting access by device (if capable)

Be strict, especially with critical systems. Better safe than sorry.

In Summary

These five steps will help you build a strong, reliable tenant, ready for growth, app integration, and secure daily operations.

As for app integration… we’ll save that for another post.

Let’s be honest — you really can’t trust anything on the network anymore.

With remote work and everything moving to SaaS, we just can’t assume anything is safe – and to be fair, many times, we are the biggest threats to our systems.

That’s when the world started turning to Zero Trust.
You’ve probably heard the phrase:

“Never trust, always verify.”

Sounds great, right? But actually implementing it isn’t easy – and can be a real pain in the neck.

So, what is Zero Trust really?

It’s not a piece of software or a configuration setting. It’s more of a mindset – a different way of thinking about access and security. Something like:

• Identity is everything. Doesn’t matter where you are – it matters who you are.
• Access is earned, not assumed. Being “inside” doesn’t mean you’re in.
• You only get what you need. No more blanket admin rights.
• Logs are your best friend. Because if you’re not watching… someone else might be.

What tools did we use?

Here’s the stack we work with (and personally, it works pretty well for us so far):

• Okta for SSO, MFA, and everything related to identity
• Google Workspace for team productivity and collaboration
• Jamf + Intune to manage all our devices
• Slack and Zoom for everything communication-related
• Confluence to share knowledge and keep everyone in the loop

All these tools are great – but the real challenge is knowing how to use them properly, and that, my friends, is not as easy as it sounds.

Mistakes we’ve made (okay… mostly me)

1. Thinking it was “just an IT project”
   I didn’t involve other teams that were going to be affected. And of course, nobody likes sudden login issues. Better security doesn’t mean people will automatically love the changes.
2. Being too generous with roles
   Giving people more access makes onboarding easier, sure. But later, figuring out who had access to what turned into a nightmare.
3. Believing the official guides would save me
   Not every Okta integration works as described. I had to contact our CSM, open support tickets, and sometimes just rely on good old trial and error.

What I’d do differently now that I know all this

• Talk to the team first. Explain the “why” before changing how they log in. Make sure everyone’s informed.
• Plan roles properly. No improvisation – even if it takes more time, it’s worth it in the long run.
• Document, document, and document. You never know who else will need it. That person might be you at 2 AM.
• Accept this is a journey. It’s not a one-and-done. It needs care and maintenance, always.

Was it worth it?

Absolutely!

We now have better visibility, a more serious onboarding/offboarding process, less reliance on VPNs or “internal trust”, and way more confidence when rolling out new tools.

Thinking of starting this journey yourself?

My advice? Start small. Focus on identity first. Pick one or two tools – and get them right.

Zero Trust sounds big and complicated, but it’s okay to take small steps. And more importantly, it’s okay to make mistakes. If you’re going in the right direction, those small wins will guide you forward.

And seriously… talk to people.
That might just be the most underrated part of doing IT right.