Mind Automates the User Lifecycle with Okta Workflows

A decentralized organization with centralized needs

Mind functions as a federated movement for mental health. Local Minds work directly within communities, running services and retail shops supported by dedicated staff and volunteers. While united under the Mind brand, each local Mind is an independently registered charity with full autonomy. 

This structure brings agility locally but creates complexity for identity and access management (IAM). Each local Mind has its own Microsoft Entra ID tenant, its own processes, and its own administrative model while relying on shared digital services provided by National Mind. 

This made the existing IAM setup increasingly difficult to manage. 

From manual updates to a consistent user lifecycle

Historically, user administration was not working for each local Mind. Changing roles, moving between local Minds, or leaving the organization often required manual updates that could be delayed missed entirely.

Mind already used Okta as a shared identity layer, but the full lifecycle wasn't yet automated. 

Partnering with Cloudworks, Mind extended its Okta platform with a fully automated, standardized lifecycle management process. Using Okta Workflows, user creation, modification, and deactivation now follow a consistent logic across local Minds. 

Cloudworks quickly understood the unique structure of our federation and the challenge of balancing local independence with the need for a central consistency. Their expertise and collaborative approach enabled us to design a solution that works seamlessly across every local Mind, without creating extra complexity for my team. It genuinely felt like a true partnership from start to finish. 

 

Jinder Chana, Head of Infrastructure & Support, Mind

The challenge of reliable access management in a decentralized charity

With many independent entities, IAM challenges became both technical and organizational: 

• Identities were distributed across multiple local tenants 
• Processes varied between locations 
• Staff movement between local Minds was difficult to track
• Integration credentials could expire unexpectedly 
• Central teams relied on repeated coordination with local IT leads

Automation was the only scalable way to ensure consistency while respecting local autonomy. 

The goal was clear: create a centralized, automated lifecycle process that works across all Minds, without changing how local Minds operate day to day.

Okta as the shared identity layer

Okta formed the bridge between Mind's local Microsoft Entra ID tenants and the shared digital services used across the federation. This allowed centralized control without disrupting local setups. 

Cloudworks helped Mind expand Okta with: 

• A Standardized lifecycle process
• Automated creation, updates, and deactivation 
• Clear exception handling and structured error reporting 
• Centrally defined rules applied consistently organization-wide

All lifecycle logic was consolidated into a single end-to-end automated workflow.

Reliable IAM designed for day-to-day operations

Mind needed a solution that would remain stable long after go-live. To support ongoing operations: 

• Centralized error reporting helps identity issues before they impact users
• Automated credential renewal prevents integrations from failing due to expired credentials
• Built-in cleanup routines deactivate long-inactive accounts, increasing security and optimizing license usage

These design choices ensure the solution remains robust as Mind continues to evolve. 

Automating the user lifecycle has fundamentally improved how we manage identity and access across Mind. We have confidence that users receive the right access at the right time and that it's removed as soon as it's no longer needed. This has strengthened our security, reduced manual workloads, and given us a far more future-proof foundation. 

 

Jinder Chana, Head of Infrastructure & Support, Mind