Automating Onboarding with Greenhouse and Okta Workflows

Once your ATS and your identity provider are both in place, the gap between them is usually still a human. Someone reads that a candidate was hired in Greenhouse, then manually creates accounts and assigns access. Okta Workflows closes that gap with no code, turning a hire into provisioned access automatically.

The trigger

The chain starts when a candidate reaches the hired stage. There are two clean ways to kick off the automation:

• From the HRIS. Greenhouse hands the new hire to your HRIS, and Okta provisions from the HRIS as the source of truth. This is the most robust pattern, because HR data stays authoritative.
• From Greenhouse directly. Okta Workflows can poll or receive a webhook from Greenhouse for a status change, useful when you need access ready before the HRIS record is fully baked.

The flow

A typical Okta Workflow for a new hire does this in sequence:

1. Read the new hire’s attributes (name, role, department, start date, manager).
2. Create the Okta user, or activate a pre-staged account on the start date.
3. Assign group memberships by role, which cascade into app access and SCIM provisioning.
4. Generate the email/UPN and write it back so downstream systems agree.
5. Notify the manager and IT with a summary, and create any onboarding tasks.

Build it to be safe

• Idempotent steps so a re-run never creates duplicate accounts.
• Date-aware activation so access turns on at start date, not at offer signing.
• A failure branch that alerts a human instead of silently dropping a hire.
• A clear audit trail of what was created and when, for your next access review.

Why it matters

This is lifecycle automation made concrete. The recruiter’s action in Greenhouse becomes the single event that drives provisioning, and the same architecture runs in reverse for offboarding. No tickets, no forgotten access, and a new hire who is productive on day one instead of day three.