Okta Deployment

Description

I led a comprehensive migration of our Identity Provider (IDP) from JumpCloud to Okta, aiming to enhance security, improve user experience, and establish a robust identity and access management foundation for the company. The project involved transitioning authentication for 200 different SaaS applications within a 12-month timeframe, all achieved with a small team of just two people.

Objectives
  • Enhance Security and User Experience: Upgrade to an industry-leading IDP to provide stronger security measures and a more seamless sign-in process for users accessing SaaS applications.
  • Implement Advanced Authentication Policies: Develop custom authentication policies within Okta that match the sensitivity of each application, requiring additional layers of authentication for more sensitive applications.
  • Achieve Passwordless Authentication: Transition to a fully passwordless authentication system, leveraging biometric authentication as the primary method.
  • Automate Provisioning and Deprovisioning: Implement SCIM (System for Cross-domain Identity Management) to automate user attribute syncing and reduce manual efforts.
  • Establish a Single Source of Truth: Transform our identity management system to ensure consistent and accurate user data across all applications.
  • Develop In-House Automation Tools: Create custom solutions to facilitate the migration process and improve operational efficiency.
  • Reduce Authentication Time: Cut down authentication time for users by 60%, improving productivity across the company.
  • Build Comprehensive Documentation: Create detailed documentation for all app configurations to assist the service desk team in managing user access efficiently.

My Involvement
  • Project Leadership: Spearheaded the entire migration project from initial planning to full execution, setting an ambitious timeline of one year and achieving it successfully.
  • Team Coordination: Collaborated closely with one other team member, maximizing resources and teamwork to meet our goals.
  • Advanced Authentication Implementation:
    • Custom Authentication Policies: Developed policies in Okta that align with the sensitivity levels of applications, enforcing additional authentication steps—such as multi-factor and biometric authentication—for high-risk applications.
    • Passwordless Authentication: Achieved a fully passwordless environment by leveraging biometric authentication as the primary method, a significant security enhancement.
    • Endpoint Authentication: Implemented Okta’s Desktop Password Sync, synchronizing users’ Okta passwords with their computer passwords to streamline login processes. Plans are underway to roll out passwordless authentication for endpoints as well.
  • Automation Development:
    • BuiltBot Creation: Developed an internal Slack bot named BuiltBot, which directly interacted with users to guide them through the migration process, allowing them to take necessary actions and receive real-time updates.
    • Endpoint Management: Automated the removal of the JumpCloud agent from user endpoints and deployed the Okta Verify agent via our Mobile Device Management (MDM) system.
    • API Integration: Utilized API calls to various platforms to monitor user setup completion and ensure a smooth transition.
  • Identity Architecture Enhancement:
    • Foundational Architecture Development: Established foundational elements of our identity and access management program, including consistent naming schemas and data flows.
    • Source of Truth Establishment: Configured Okta to act as the central hub for identity management, pulling information from our Human Resources Information System (HRIS), Rippling, which serves as the actual source of truth.
    • Downstream Synchronization: Ensured all downstream applications pull and sync user attributes from Okta, maintaining data consistency across platforms.
  • SCIM Implementation:
    • Automated user attribute syncing through SCIM for applications like Google Workspace, Slack, and technical platforms like AWS.
    • Reduced license costs and manual provisioning efforts by automating user onboarding and offboarding processes.
  • Documentation Development:
    • Comprehensive Documentation System: Built a new documentation system detailing all app configurations, enabling our service desk team to efficiently grant access and assign users via Okta.
    • Ground-Up Approach: Created documentation for every application integrated with Okta from scratch, as no prior documentation existed with JumpCloud.
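The "API Integration" item above describes polling platforms to see which users have finished setting up Okta Verify so the migration bot can nudge the stragglers. The script below is an added example of that check, not BuiltBot or any other Built Technologies code. It assumes the record shapes returned by Okta's Users API (GET /api/v1/users) and Factors API (GET /api/v1/users/{id}/factors) and that Okta FastPass enrolls as factorType "signed_nonce" with provider "OKTA"; the user and factor records are constructed to mimic those shapes so the script runs offline, and the two fetch_* functions stand in for real API calls.

```python
"""Migration-progress check: which users have finished Okta Verify setup.

Added example, not project code. USERS and FACTORS are constructed to look
like trimmed responses from Okta's Users API and Factors API; in a real run
fetch_users()/fetch_factors() would call those endpoints with an API token.
Factor type names are assumptions taken from Okta's Factors API docs.
"""
from dataclasses import dataclass, field

# What counts as "passwordless-ready" for this check (assumed mapping):
#   signed_nonce/OKTA = Okta FastPass, webauthn/FIDO = platform/roaming key.
# Okta Verify push is kept as a fallback bucket: enrolled, but still a
# second factor on top of a password rather than a passwordless credential.
PASSWORDLESS = {("signed_nonce", "OKTA"), ("webauthn", "FIDO")}
FALLBACK = {("push", "OKTA")}

# Constructed sample of GET /api/v1/users (only the fields used here).
USERS = [
    {"id": "00u1", "status": "ACTIVE", "profile": {"login": "ana@example.com"}},
    {"id": "00u2", "status": "ACTIVE", "profile": {"login": "ben@example.com"}},
    {"id": "00u3", "status": "ACTIVE", "profile": {"login": "cy@example.com"}},
    {"id": "00u4", "status": "DEPROVISIONED", "profile": {"login": "old@example.com"}},
]

# Constructed sample of GET /api/v1/users/{id}/factors, keyed by user id.
FACTORS = {
    "00u1": [{"factorType": "signed_nonce", "provider": "OKTA", "status": "ACTIVE"},
             {"factorType": "push", "provider": "OKTA", "status": "ACTIVE"}],
    "00u2": [{"factorType": "push", "provider": "OKTA", "status": "ACTIVE"}],
    # Enrolled but never activated: must not count as done.
    "00u3": [{"factorType": "webauthn", "provider": "FIDO", "status": "PENDING_ACTIVATION"}],
    "00u4": [],
}


def fetch_users():
    """Stand-in for GET /api/v1/users (paginated in real life)."""
    return USERS


def fetch_factors(user_id):
    """Stand-in for GET /api/v1/users/{id}/factors."""
    return FACTORS.get(user_id, [])


@dataclass
class Report:
    complete: list = field(default_factory=list)       # passwordless factor active
    fallback_only: list = field(default_factory=list)  # only push enrolled
    not_started: list = field(default_factory=list)    # nothing active


def classify(factors):
    """Bucket a user by their ACTIVE factors only; pending ones are ignored."""
    active = {(f["factorType"], f["provider"]) for f in factors if f.get("status") == "ACTIVE"}
    if active & PASSWORDLESS:
        return "complete"
    if active & FALLBACK:
        return "fallback_only"
    return "not_started"


def build_report(users, get_factors):
    """Classify every ACTIVE Okta user; deprovisioned users are skipped."""
    report = Report()
    for user in users:
        if user["status"] != "ACTIVE":
            continue
        bucket = classify(get_factors(user["id"]))
        getattr(report, bucket).append(user["profile"]["login"])
    return report


def nudge_list(report):
    """Logins the migration bot should message, with a short reason each."""
    nudges = {login: "enroll Okta Verify to start your migration" for login in report.not_started}
    nudges.update({login: "turn on FastPass or a security key to go passwordless"
                   for login in report.fallback_only})
    return nudges


if __name__ == "__main__":
    rep = build_report(fetch_users(), fetch_factors)
    print("complete:", rep.complete)
    print("fallback only:", rep.fallback_only)
    print("not started:", rep.not_started)
    for login, reason in nudge_list(rep).items():
        print(f"nudge {login}: {reason}")
```

The two details that matter in practice are the ones the sample data exercises: a factor in PENDING_ACTIVATION is not enrolled, so a user who opened the app but never finished must still be nudged, and deprovisioned accounts are skipped so they do not inflate the "not started" count.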

Successes & Failures

Challenges
  • Ambitious Timeline: Completing the migration of 200 SaaS applications within 12 months required meticulous planning and efficient execution.
  • Resource Constraints: Achieving such a large-scale migration with a two-person team demanded effective time management and prioritization.
  • Complex Automation Requirements: Developing in-house tools like BuiltBot to manage user interactions and automate processes added layers of technical complexity.
  • User Adoption: Encouraging users to adopt new authentication methods, such as passwordless and biometric authentication, and guiding them through the transition.
  • Data Consistency: Ensuring accurate and consistent user data across all applications during and after the migration.
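The data-consistency challenge above, together with the HRIS -> Okta -> downstream-app flow described under Identity Architecture Enhancement and SCIM Implementation, is something a practitioner usually verifies with a periodic reconciliation job. The script below is an added example of such a job, not code from the project. It assumes Rippling-style employee records (the field names on the HRIS side are assumptions), Okta users in the shape of GET /api/v1/users with the employee number carried in the profile, and SCIM 2.0 User resources as a downstream app would return them; all three data sets are constructed inline so the check runs offline.

```python
"""Reconciliation across the identity flow: HRIS -> Okta -> SCIM-provisioned app.

Added example, not project code. The three lists are constructed samples:
HRIS rows use assumed Rippling-like field names, OKTA rows mimic
GET /api/v1/users, SCIM_APP rows mimic SCIM 2.0 User resources from a
downstream application. Real runs would fetch each via its API.
"""

HRIS = [  # constructed; source of truth for employment status and attributes
    {"employee_id": "E100", "work_email": "ana@example.com", "department": "Security", "status": "active"},
    {"employee_id": "E101", "work_email": "ben@example.com", "department": "Sales", "status": "active"},
    {"employee_id": "E102", "work_email": "cy@example.com", "department": "Finance", "status": "terminated"},
    {"employee_id": "E103", "work_email": "dee@example.com", "department": "Engineering", "status": "active"},
]

OKTA = [  # constructed; the hub that downstream apps sync from
    {"id": "00u1", "status": "ACTIVE",
     "profile": {"login": "ana@example.com", "employeeNumber": "E100", "department": "Security"}},
    {"id": "00u2", "status": "ACTIVE",
     "profile": {"login": "ben@example.com", "employeeNumber": "E101", "department": "Marketing"}},
    {"id": "00u3", "status": "DEPROVISIONED",
     "profile": {"login": "cy@example.com", "employeeNumber": "E102", "department": "Finance"}},
]

SCIM_APP = [  # constructed; what a downstream app reports via GET /Users
    {"userName": "ana@example.com", "active": True, "externalId": "00u1"},
    {"userName": "ben@example.com", "active": True, "externalId": "00u2"},
    {"userName": "cy@example.com", "active": True, "externalId": "00u3"},
    {"userName": "ghost@example.com", "active": True, "externalId": None},
]

# HRIS field -> Okta profile attribute that must stay in sync (assumed mapping).
MAPPED_ATTRS = {"department": "department"}


def reconcile(hris, okta, scim):
    """Return sorted (finding_type, subject) tuples for everything out of sync."""
    findings = []
    okta_by_login = {u["profile"]["login"].lower(): u for u in okta}
    hris_by_email = {r["work_email"].lower(): r for r in hris}

    # 1. Active employees with no Okta account at all: onboarding never ran.
    for row in hris:
        if row["status"] == "active" and row["work_email"].lower() not in okta_by_login:
            findings.append(("missing_in_okta", row["work_email"]))

    # 2. Okta vs. HRIS: lifecycle state and mapped attributes must agree.
    for email, user in okta_by_login.items():
        row = hris_by_email.get(email)
        if row is None:
            if user["status"] == "ACTIVE":
                findings.append(("not_in_hris", email))  # account with no employee behind it
            continue
        if row["status"] != "active" and user["status"] == "ACTIVE":
            findings.append(("should_be_deprovisioned", email))
        for hris_field, okta_attr in MAPPED_ATTRS.items():
            if row[hris_field] != user["profile"].get(okta_attr):
                findings.append(("attribute_drift", f"{email}:{okta_attr}"))

    # 3. Downstream accounts still active although Okta no longer has an ACTIVE
    #    user for them: these are orphaned seats (cost) and lingering access (risk).
    for acct in scim:
        if not acct["active"]:
            continue
        user = okta_by_login.get(acct["userName"].lower())
        if user is None or user["status"] != "ACTIVE":
            findings.append(("orphaned_downstream", acct["userName"]))

    return sorted(findings)


def deactivate_patch():
    """SCIM 2.0 PatchOp body (RFC 7644) that deactivates a downstream account."""
    return {
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
        "Operations": [{"op": "replace", "value": {"active": False}}],
    }


if __name__ == "__main__":
    for kind, subject in reconcile(HRIS, OKTA, SCIM_APP):
        print(f"{kind:24} {subject}")
    print("fix for orphans: PATCH /Users/{id} with", deactivate_patch())
```

Running it against the samples surfaces one of each class the migration had to guard against: an employee with no Okta account (dee), an attribute that drifted after an HRIS change (ben's department), a deprovisioned user still holding a seat downstream (cy), and a downstream account with no Okta identity at all (ghost). The orphan class is the one that both costs licenses and keeps access alive after offboarding, which is why the check includes the SCIM deactivation body a remediation step would send.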

Solutions and Achievements
  • Successful Migration: Completed the full migration on schedule, enhancing security and improving user experience across the company.
  • Advanced Authentication Implementation:
    • Custom Policies: Successfully developed and implemented authentication policies tailored to application sensitivity, adding extra security layers where needed.
    • Passwordless Environment: Transitioned to a fully passwordless authentication system, significantly enhancing security and user convenience.
    • Biometric Authentication: Leveraged biometric methods as the primary authentication lever, increasing security and reducing reliance on passwords.
    • Reduced Authentication Time: Cut down authentication time for users by 60%, resulting in substantial time savings and increased productivity across the company.
  • Efficient Use of Resources: Maximized the capabilities of a small team to deliver a project typically requiring a larger workforce.
  • BuiltBot Effectiveness: The custom Slack bot streamlined user communication and actions, leading to high user engagement and a smooth migration experience.
  • Foundational Improvements:
    • Identity Architecture: Established a robust identity management framework with clear naming conventions and data flows.
    • Centralized Data Management: Transformed Okta into an effective central hub for identity management, seamlessly integrating with Rippling and downstream applications.
  • Operational Efficiency:
    • Automation: Automated provisioning and deprovisioning reduced manual workload and minimized human error.
    • Cost Savings: Achieved cost savings by optimizing license usage across multiple SaaS platforms.
  • Comprehensive Documentation:
    • Service Desk Empowerment: Provided the service desk team with detailed documentation, improving their ability to grant access and assign users efficiently.
    • Knowledge Base Creation: Established a repository of information for every app integrated with Okta, enhancing internal processes and knowledge sharing.
Outcome

The migration to Okta was a significant success, meeting all objectives within the set timeline. The project resulted in a more secure, efficient, and user-friendly authentication system for over 200 SaaS applications. Implementing advanced authentication methods, including passwordless and biometric authentication, greatly enhanced security and user experience. Reducing authentication time by 60% led to substantial productivity gains company-wide. The foundational architecture improvements, automation implementations, and comprehensive documentation have provided long-term benefits, including streamlined operations, reduced costs, and a scalable identity management framework that supports future growth.

Key Takeaway

By leading a complex migration with limited resources, I demonstrated the ability to manage large-scale projects, develop innovative solutions like BuiltBot, and enhance the company’s overall security and operational efficiency. Implementing advanced authentication policies and achieving a passwordless environment showcased our commitment to security and innovation. The significant reduction in authentication time improved productivity across the company. Establishing comprehensive documentation set a new standard for internal processes and knowledge management. This project highlighted my skills in project management, technical development, and strategic planning, contributing to a transformative improvement in our identity and access management program.

Details
  • Company: Built Technologies, Inc.
  • Project Timeline: January 2023 - January 2024
Categories: Built Technologies, IAM