Administration in an enterprise environment using OKTA

Hello,

I am looking for help with administering Monday.com in a granular fashion. Here is our environment.

  1. We have a single instance that we want to share with many departments across our organization.

  2. Each department will purchase their own licenses which will be added to the single instance.

  3. We have Okta for SSO.

  4. We have developers on staff who can write an API if necessary.

We have the following constraints.

  1. Because each department funds their Monday licenses, we need to ensure one department does not accidentally use another department’s licenses.

  2. We need to ensure that any potential purchases from the Monday app store are applied only to the group who purchased them. In addition, we need to make sure that only the group who purchased the app has access to it.

  3. We would love to use Okta to provision as well as delete users when they no longer need access to Monday.

  4. We are concerned that much of this work must be done manually, which is prone to user error and time-consuming.

  5. We looked into SCIM, but that will not work because it will override the settings in Monday when it runs.

  6. We would like each department to have rights to administer only their department, but it looks like when it comes to admin rights, it is either all or nothing.

Basically, we need this to run as an enterprise application with central administration, with as many automated tasks as possible to reduce the manual effort and risk of data errors.

Constraint #2 is not going to be possible. monday.com does not have this level of granularity, beyond granting access by workspace (admin managed). However, seat-based licensing is account-wide, not department- or workspace-wide; also, it is a plan based on your account size, not named users. Usage-based apps do not have any method to segregate usage. The marketplace does not have any capability to purchase multiple plans for the same app.

Let me ask you this, what level of collaboration/sync do you require between the departments? What you’re asking for is multiple monday.com accounts that integrate together.

Hi Cody,
We do not expect any collaboration/sync between departments. The only reason we really want a single instance is to reduce the identity access overhead required if each group/department were to have their own instance.

The only reason I’m saying that is many or most of the boundaries you’re asking for only exist at the account level in monday.com, right down to license purchase and assignment. There is no way to allocate monday licenses by department, for example, except a central administrator managing and controlling it manually.

You could also write a custom SCIM implementation; the API is public. You may be able to create an abstraction that controls licensing on your own system.

But it won’t help with the app purchases issue.
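
Added example, not part of the thread and not monday.com or Okta code: one shape the "abstraction that controls licensing on your own system" could take is a per-department seat ledger that a custom provisioning layer consults before it creates or removes a user. The `SeatLedger` class, department names, quotas and e-mail addresses are all hypothetical, and no vendor API calls are shown.

```python
from __future__ import annotations
from dataclasses import dataclass, field


class SeatQuotaExceeded(Exception):
    """Raised when a department has no funded seats left."""


@dataclass
class SeatLedger:
    # department -> seats that department has paid for (constructed values)
    purchased: dict[str, int]
    # user e-mail -> department charged for that user's seat
    assigned: dict[str, str] = field(default_factory=dict)

    def used(self, dept: str) -> int:
        return sum(1 for d in self.assigned.values() if d == dept)

    def provision(self, email: str, dept: str) -> bool:
        """Approve a create request; False means the user already holds this seat."""
        if dept not in self.purchased:
            raise KeyError(f"unknown department: {dept}")
        current = self.assigned.get(email)
        if current == dept:
            return False  # idempotent: a repeated sync run consumes no second seat
        if current is not None:
            raise ValueError(f"{email} is already charged to {current}")
        if self.used(dept) >= self.purchased[dept]:
            raise SeatQuotaExceeded(f"{dept} has used all {self.purchased[dept]} seats")
        self.assigned[email] = dept
        return True

    def deprovision(self, email: str) -> str | None:
        """Release the seat on deactivation; returns the department credited."""
        return self.assigned.pop(email, None)


def demo() -> dict[str, int]:
    ledger = SeatLedger(purchased={"finance": 2, "marketing": 1})  # constructed quotas
    ledger.provision("a@example.com", "finance")
    ledger.provision("b@example.com", "finance")
    ledger.provision("a@example.com", "finance")      # repeat request, no extra seat
    try:
        ledger.provision("c@example.com", "finance")  # would use a seat nobody funded
    except SeatQuotaExceeded:
        pass                                          # request is denied, not queued
    ledger.deprovision("b@example.com")
    ledger.provision("c@example.com", "finance")      # seat freed, now allowed
    return {dept: ledger.used(dept) for dept in ledger.purchased}
```

The department passed to `provision` would come from the user's identity-provider group membership, so the seat charge follows the same source of truth as access.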