Skip to content
Oblique Docs

How Oblique works

Oblique acts as a bridge between your existing HRIS, like Workday, and identity provider, like Okta. Oblique syncs users and attributes from Workday, enables IT admins to define attribute-based and team-based groups and entitlements in Oblique, and then syncs the effective entitlements to enforcement points like Okta, Google Workspace, Slack, and GitHub.

This architecture means Oblique isn’t in the critical path for access decisions—it manages the source of truth for who should have access, while your existing systems continue to enforce those decisions.

How Oblique Works

How Oblique works

Section titled “How Oblique works”

  1. Sync users and attributes from your systems

    Oblique starts by pulling user data from your existing systems through integrations. This includes:

    • Users from your identity provider, like Okta, or HR system, like Workday
    • User attributes, such as department, location, employment status, cost center, and job title
    • Resources that need access control, like Okta groups and Google groups

    Oblique automatically and continuously syncs integrations. You can configure how often syncs happen.

  2. Define groups based on your organization’s needs

    Create groups in Oblique to organize users logically:

    • Attribute-based groups include users who match specific criteria based on user attributes, for example, “San Francisco Engineers” are all users in San Francisco and in the Engineering department.

    • Team groups are manually managed collections of users, for example, “Project Alpha” for a temporary project team working on a new feature launch.

    Groups automatically update as user attributes change or as team membership is modified.

  3. Grant access through entitlements

    Entitlements connect your groups to the resources they need access to. For example, you might grant the “Engineering” group access to the “GitHub Admin” Okta group, or grant the “Project Alpha” team access to the “Alpha Slack Channel” Google group.

    Entitlements can expire to allow for time-limited access, and can include justifications to explain why access is needed for compliance and auditing.

  4. Push access decisions to your systems

    Oblique automatically pushes the effective access back to your connected systems, for example, by updating Okta or Google group membership. Audit logs are maintained for all access changes.