You’ve just acquired Okta and have no idea where to start.

You’re ready to roll up your sleeves and start integrating applications, but wait! Your tenant is empty. If you don’t lay down solid foundations, you might regret it later.

Here’s what I would do if I had to start from scratch today:

Make Sure You Have a Profile Source

Okta is a powerful tool, but it’s useless without users.

There are many ways to create users in Okta, but in my opinion, the most powerful one is connecting a Profile Source.

There are tons of available options: Workday, BambooHR, Active Directory, LDAP, UKG, and more.

Connecting a source of truth from your HR systems allows you to sync valuable information automatically. This data can be leveraged later for workflows, group assignments, and more.

Tip for smaller companies: You can also use Okta Direct Input. While it’s not ideal and I wouldn’t recommend it, it can work if you don’t have other options — but treat it as a last resort.

Map Every Attribute You Can

Once your source is connected, it’s time to take full advantage of the incoming data.

Map every attribute you can, even if some seem irrelevant now. Trust me, you never know when you’ll need them.

Start with the essentials:

• team
• department
• location
• division
• manager
• office

The more metadata you collect, the more powerful your automations and policies will be.

Create Dynamic Groups

Now that you have user data, it’s time to put it to use.

Dynamic groups let you assign users automatically based on attribute-based rules. For example:

• HR Department
• Finance Team
• Barcelona Office
• US Employees
• IT Support

You don’t need to manually manage membership. Any changes in your source of truth will be reflected in Okta, and users will move in and out of groups automatically based on the defined logic.

Define Access Roles

You won’t be the only one managing Okta.

Set up access roles based on each person’s responsibilities:

• Read-only Admin
• Group Membership Admin
• Application Admin
• Super Admin (only if absolutely necessary)

This step takes a bit of time, but it’s worth it. Delegating access properly reduces risk and improves operational efficiency.

Define Authentication Policies

Security should always be a top priority.

Set up authentication policies tailored to your applications. Not all apps are created equal, accessing Salesforce is not the same as accessing Udemy.

I recommend:

• Enforcing 2FA
• Applying IP restrictions
• Restricting access by device (if capable)

Be strict, especially with critical systems. Better safe than sorry.

In Summary

These five steps will help you build a strong, reliable tenant, ready for growth, app integration, and secure daily operations.

As for app integration… we’ll save that for another post.