![](https://ty-kelley.com/wp-content/uploads/2024/09/okta_hero-500x500.png)
## Okta Deployment
I led a comprehensive migration of our Identity Provider (IDP) from JumpCloud to Okta, aiming to enhance security, improve user experience, and establish a robust identity and access management foundation for the company. The project involved transitioning authentication for 200 different SaaS applications within a 12-month timeframe, all achieved with a small team of just two people.
- Enhance Security and User Experience: Upgrade to an industry-leading IDP to provide stronger security measures and a more seamless sign-in process for users accessing SaaS applications.
- Implement Advanced Authentication Policies: Develop custom authentication policies within Okta that match the sensitivity of each application, requiring additional layers of authentication for more sensitive applications.
- Achieve Passwordless Authentication: Transition to a fully passwordless authentication system, leveraging biometric authentication as the primary method.
- Automate Provisioning and Deprovisioning: Implement SCIM (System for Cross-domain Identity Management) to automate user attribute syncing and reduce manual efforts.
- Establish a Single Source of Truth: Transform our identity management system to ensure consistent and accurate user data across all applications.
- Develop In-House Automation Tools: Create custom solutions to facilitate the migration process and improve operational efficiency.
- Reduce Authentication Time: Cut down authentication time for users by 60%, improving productivity across the company.
- Build Comprehensive Documentation: Create detailed documentation for all app configurations to assist the service desk team in managing user access efficiently.
- Project Leadership: Spearheaded the entire migration project from initial planning to full execution, setting an ambitious timeline of one year and achieving it successfully.
- Team Coordination: Collaborated closely with one other team member, maximizing resources and teamwork to meet our goals.
- Advanced Authentication Implementation:
  - Custom Authentication Policies: Developed policies in Okta that align with the sensitivity levels of applications, enforcing additional authentication steps—such as multi-factor and biometric authentication—for high-risk applications.
  - Passwordless Authentication: Achieved a fully passwordless environment by leveraging biometric authentication as the primary method, a significant security enhancement.
  - Endpoint Authentication: Implemented Okta’s Desktop Password Sync, synchronizing users’ Okta passwords with their computer passwords to streamline login processes. Plans are underway to roll out passwordless authentication for endpoints as well.
- Automation Development:
  - BuiltBot Creation: Developed an internal Slack bot named BuiltBot, which directly interacted with users to guide them through the migration process, allowing them to take necessary actions and receive real-time updates.
  - Endpoint Management: Automated the removal of the JumpCloud agent from user endpoints and deployed the Okta Verify agent via our Mobile Device Management (MDM) system.
  - API Integration: Utilized API calls to various platforms to monitor user setup completion and ensure a smooth transition.
- Identity Architecture Enhancement:
  - Foundational Architecture Development: Established foundational elements of our identity and access management program, including consistent naming schemas and data flows.
  - Source of Truth Establishment: Configured Okta to act as the central hub for identity management, pulling information from our Human Resources Information System (HRIS), Rippling, which serves as the actual source of truth.
  - Downstream Synchronization: Ensured all downstream applications pull and sync user attributes from Okta, maintaining data consistency across platforms.
- SCIM Implementation:
  - Automated user attribute syncing through SCIM for applications like Google Workspace, Slack, and technical platforms like AWS.
  - Reduced license costs and manual provisioning efforts by automating user onboarding and offboarding processes.
- Documentation Development:
  - Comprehensive Documentation System: Built a new documentation system detailing all app configurations, enabling our service desk team to efficiently grant access and assign users via Okta.
  - Ground-Up Approach: Created documentation for every application integrated with Okta from scratch, as no prior documentation existed with JumpCloud.
### Challenges
- Ambitious Timeline: Completing the migration of 200 SaaS applications within 12 months required meticulous planning and efficient execution.
- Resource Constraints: Achieving such a large-scale migration with a two-person team demanded effective time management and prioritization.
- Complex Automation Requirements: Developing in-house tools like BuiltBot to manage user interactions and automate processes added layers of technical complexity.
- User Adoption: Encouraging users to adopt new authentication methods, such as passwordless and biometric authentication, and guiding them through the transition.
- Data Consistency: Ensuring accurate and consistent user data across all applications during and after the migration.
### Solutions and Achievements
- Successful Migration: Completed the full migration on schedule, enhancing security and improving user experience across the company.
- Advanced Authentication Implementation:
  - Custom Policies: Successfully developed and implemented authentication policies tailored to application sensitivity, adding extra security layers where needed.
  - Passwordless Environment: Transitioned to a fully passwordless authentication system, significantly enhancing security and user convenience.
  - Biometric Authentication: Leveraged biometric methods as the primary authentication lever, increasing security and reducing reliance on passwords.
- Reduced Authentication Time: Cut down authentication time for users by 60%, resulting in substantial time savings and increased productivity across the company.
- Efficient Use of Resources: Maximized the capabilities of a small team to deliver a project typically requiring a larger workforce.
- BuiltBot Effectiveness: The custom Slack bot streamlined user communication and actions, leading to high user engagement and a smooth migration experience.
- Foundational Improvements:
  - Identity Architecture: Established a robust identity management framework with clear naming conventions and data flows.
  - Centralized Data Management: Transformed Okta into an effective central hub for identity management, seamlessly integrating with Rippling and downstream applications.
- Operational Efficiency:
  - Automation: Automated provisioning and deprovisioning reduced manual workload and minimized human error.
  - Cost Savings: Achieved cost savings by optimizing license usage across multiple SaaS platforms.
- Comprehensive Documentation:
  - Service Desk Empowerment: Provided the service desk team with detailed documentation, improving their ability to grant access and assign users efficiently.
  - Knowledge Base Creation: Established a repository of information for every app integrated with Okta, enhancing internal processes and knowledge sharing.
The migration to Okta was a significant success, meeting all objectives within the set timeline. The project resulted in a more secure, efficient, and user-friendly authentication system for over 200 SaaS applications. Implementing advanced authentication methods, including passwordless and biometric authentication, greatly enhanced security and user experience. Reducing authentication time by 60% led to substantial productivity gains company-wide. The foundational architecture improvements, automation implementations, and comprehensive documentation have provided long-term benefits, including streamlined operations, reduced costs, and a scalable identity management framework that supports future growth.
By leading a complex migration with limited resources, I demonstrated the ability to manage large-scale projects, develop innovative solutions like BuiltBot, and enhance the company’s overall security and operational efficiency. Implementing advanced authentication policies and achieving a passwordless environment showcased our commitment to security and innovation. The significant reduction in authentication time improved productivity across the company. Establishing comprehensive documentation set a new standard for internal processes and knowledge management. This project highlighted my skills in project management, technical development, and strategic planning, contributing to a transformative improvement in our identity and access management program.
![](https://ty-kelley.com/wp-content/uploads/2024/09/bko_thumbnail-500x500.jpeg)
## Built Kick Off
I played a pivotal role in elevating our company’s annual kick-off event, Built Kick-Off (BKO), by leading the technical planning and execution. This year, leadership aimed to transform the event by moving it off-site to a professional venue with advanced audio/visual (A/V) capabilities and a more engaging atmosphere. Leveraging my previous experience with advanced A/V equipment from volunteer work in high school and college, I stepped up to direct the technical aspects of the event.
- Enhance the Event Experience: Transition the annual kick-off to a professional venue to create a dynamic and engaging environment for all team members.
- Deliver High-Quality A/V Production: Utilize advanced A/V equipment to improve in-house visuals and ensure a seamless broadcast for remote attendees via Zoom.
- Cost Efficiency: Achieve a high-caliber event without the expense of hiring external A/V companies, thereby saving the company significant funds.
- Technical Planning Lead: Took the initiative to lead the technical planning for the event, drawing upon my A/V expertise.
- A/V Technical Director: Acted as the technical director on the day of the event, managing both the in-house A/V setup and the live Zoom broadcast.
- Cross-Functional Collaboration: Coordinated with various teams across the company and worked closely with the executive team to ensure all technical requirements were met.
- Resource Management: Optimized the use of in-house resources and equipment to deliver a professional-quality event without external assistance.
### Challenges
- Complex Technical Setup: Managing advanced A/V equipment in an unfamiliar venue required meticulous planning and technical proficiency.
- Dual Audience Engagement: Needed to provide an exceptional experience for both in-person attendees and remote participants.
- Budget Constraints: Aimed to deliver a Fortune 500-level event experience while adhering to budget limitations.
- High Expectations: Ensuring a flawless execution under the scrutiny of leadership and the entire company.
### Solutions and Achievements
- Flawless Execution: Delivered a seamless event that exceeded expectations, with smooth transitions and high-quality audio and visuals.
- Cost Savings: Successfully executed the event without the need for expensive external A/V companies, saving the company tens of thousands of dollars.
- Positive Feedback: Received overwhelming positive feedback from the executive team and employees, who were impressed by the professionalism of the event.
- Boosted Morale: The event energized the team and fostered a revitalized enthusiasm as the company entered a critical year for our product.
- Effective Remote Broadcast: Managed a high-quality Zoom broadcast that allowed remote team members to fully participate and engage with the event.
The event was a resounding success, transforming our annual kick-off into a high-caliber experience typically associated with much larger organizations. My leadership in technical planning and execution not only elevated the quality of the event but also demonstrated how in-house expertise can achieve outstanding results while being cost-effective. The success of BKO set a positive tone for the year ahead, aligning the team with the company’s goals and invigorating everyone involved.
![](https://ty-kelley.com/wp-content/uploads/2024/09/TwinGate-500x500.jpeg)
## Zero-Trust Network Access (ZTNA) Deployment
I led a pivotal project to migrate our company’s VPN infrastructure from a self-hosted OpenVPN server to Twingate, a third-party SaaS solution. This migration was instrumental in implementing Zero-Trust Network Access (ZTNA) principles across the organization.
- Enhance Security: Our existing OpenVPN setup lacked support for modern authentication standards like Single Sign-On (SSO) and Multi-Factor Authentication (MFA). Upgrading was essential to boost security and maintain SOC compliance.
- Network Segmentation: The old infrastructure grouped resources into just two networks, preventing proper segmentation and granting users excessive access. We aimed to adopt ZTNA best practices by segmenting resources more effectively.
- Reduce Maintenance Overhead: Managing the self-hosted OpenVPN server required frequent security patches and maintenance, diverting resources from other critical tasks.
Recognizing critical weaknesses in our existing VPN infrastructure, I took the initiative—without a directive from leadership—to:
- Identify and Analyze Issues: Noticed the lack of modern authentication, inadequate network segmentation, and high maintenance demands affecting our security posture and operational efficiency.
- Develop a Comprehensive Improvement Plan: Crafted a strategic proposal to overhaul our VPN system, focusing on enhancing security and user experience.
- Recommend Optimal Solutions: Researched and evaluated potential platforms, ultimately recommending Twingate as the best fit for our needs.
- Lead the Implementation: Orchestrated the migration process, ensuring a seamless transition with near-zero downtime.
In addition, I:
- Collaborated Cross-Functionally: Worked closely with the Cloud Platform team to develop Infrastructure as Code (IaC) using Terraform for Twingate deployment and to design the appropriate network architecture in AWS.
- Optimized User Experience: Developed custom automations and communication strategies to ensure the new solution was user-friendly for both technical and non-technical team members.
### Challenges
- Zero Downtime Requirement: Our developers relied heavily on VPN access for their daily tasks, making uninterrupted connectivity crucial.
- Complex Coordination: The project required synchronization between multiple teams and integration of various technologies.
- User Adoption: With a diverse user base, the solution needed to be intuitive to minimize disruption and support requests.
### Solutions and Achievements
- Seamless Migration: Achieved near-zero downtime during the transition, allowing uninterrupted productivity.
- Custom Automations: Developed in-house automation tools leveraging APIs from Twingate and our Mobile Device Management systems to guide users through the migration. This included real-time updates on software uninstallation, Twingate installation, and proactive alerts for any issues.
- Rapid Adoption: Successfully migrated 90% of team members within a single day due to efficient communication and user-friendly processes.
- Consolidation of VPN Services: Unified our AWS (development) VPN and corporate VPN under Twingate, simplifying management and reducing costs.
The project was completed in an impressive six-month timeframe from initial discussions to full deployment. We now have resource-level network segmentation directly tied to AWS IAM groups, enabling synchronized logical and network access provisioning. The end-user experience remains seamless, but we’ve significantly enhanced our security infrastructure and identity and access management capabilities. This holistic implementation of zero-trust networking has strengthened our organization’s security posture and operational efficiency.
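The segmentation change described above (the old two-network model versus resource-level access tied to groups), as an added Terraform example that is not the project's own code: it assumes Twingate's Terraform provider with its v3 schema (resource and attribute names should be checked against the provider documentation), a hypothetical `developers` group mirroring the AWS IAM group, and placeholder hostnames and CIDRs.

```hcl
terraform {
  required_providers {
    twingate = { source = "Twingate/twingate", version = "~> 3.0" }
  }
}

# Credentials come from variables (e.g. TF_VAR_...), never from the repo.
provider "twingate" {
  api_token = var.twingate_api_token
  network   = var.twingate_network
}

# One remote network per VPC; its connector (omitted here) is the only ingress path.
resource "twingate_remote_network" "aws_dev" {
  name     = "aws-dev-vpc"
  location = "AWS"
}

# Hypothetical group mirroring the AWS IAM group that already grants logical access.
resource "twingate_group" "developers" {
  name = "developers"
}

# Weak pattern (kept only for contrast): one resource spanning the whole subnet with
# every port open, so any group member can reach every host on it.
# resource "twingate_resource" "dev_network_all" {
#   name              = "dev-network"
#   address           = "10.20.0.0/16"               # placeholder CIDR
#   remote_network_id = twingate_remote_network.aws_dev.id
#   protocols         = { allow_icmp = true, tcp = { policy = "ALLOW_ALL" }, udp = { policy = "ALLOW_ALL" } }
#   access_group { group_id = twingate_group.developers.id }
# }

# Resource-level pattern: one resource per host, only the port the role needs,
# granted to exactly one group.
resource "twingate_resource" "dev_postgres" {
  name              = "dev-postgres"
  address           = "dev-db.internal.example"    # placeholder hostname
  remote_network_id = twingate_remote_network.aws_dev.id
  protocols = {
    allow_icmp = false
    tcp        = { policy = "RESTRICTED", ports = ["5432"] }
    udp        = { policy = "DENY_ALL" }
  }
  access_group {
    group_id = twingate_group.developers.id
  }
}
```

Each further host gets its own `twingate_resource` with a minimal port list, so a group's reach is the union of the resources explicitly assigned to it rather than an entire network.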
![](https://ty-kelley.com/wp-content/uploads/2024/09/mac_boot-500x500.jpeg)
## OS Update Automation
Project details coming soon…