This company faced a single sign-on nightmare as it went all cloud

Credit: iStockPhoto

In 2010, networking company Enterasys adopted a new strategy it called "cloud first," where it would  primarily use cloud services rather than deploy and manage on-premise apps.

"There's this idea of how you can work on any device and everyone talks about this as if it's a thing in the future," said Ben Doyle, director of IT applications at Enterasys. But Doyle feels like his company has already reached this efficient, device-agnostic way of working. "I don't use thick client apps. I work on a Mac and I can do things that were unimaginable to me three years ago," he said.

Today, Enterasys has provisioned around 80 different apps for employees, although depending on the workers' job most use between 12 and 20 apps regularly. In addition, employees can now self-provision apps of their choosing and have done so hundreds of times.

Before enabling so many apps, the company knew from experience that it would need to figure out a reliable way to manage them. That's where authentication service Okta came in.

Enterasys first became a Salesforce customer in 2003, with all employees licensed to use the service. Enterasys was using Active Directory to give users a single sign on for applications and wanted to let them use that same sign on for Salesforce. So the company built its own service integration with Active Directory.

Despite its best efforts to make that system reliable and resilient, it wasn't. Enterasys used two web servers so that if one failed it would roll over to the next. "Inevitably something wouldn’t work right and users on one server wouldn't fall onto the other. We ended up in a situation fairly regularly where some portion of our users, up to half, wouldn't be able to access [Salesforce], one of our most mission-critical apps," Doyle said.

That process wouldn't get easier when adding additional web services. Enterasys figured it would cost about $25,000 to do such integration, plus ongoing maintenance costs.

Instead, Enterasys decided to give Okta a try about three years ago. With Okta, users log in to their Okta dashboard using their Active Directory credentials. They add the apps they want to use from the dashboard and launch them from there.

Enterasys pays about $66,000 a year to license Okta, but the savings are huge, according to a three-year Forrester report. (The report was paid for by Okta.)

Over the three years, Forrester said that Enterasys saved nearly $2 million, primarily due to reduced IT time spent provisioning and deprovisioning services (requests were reduced 75 percent with Okta), fewer help desk requests for forgotten URLs and to rest passwords (the number of requests declined by 80 percent), and improved user productivity. Because employees didn't have to remember dozens of different passwords and log-on URLs, their improved productivity was worth $1.3 million over the three years, calculated Forrester (increased productivity of 25 minutes per week per employee for half the workers at the company).

Okta offers Enterasys some other benefits over its old home-grown authentication system as well.

Previously, when people left the company, the person responsible for managing the use of a cloud application at the company might not know, leaving a security hole. With Okta, when IT deprovisions a worker from Active Directory, that person is automatically deprovisioned from all the cloud services that they accessed through the Okta dashboard.

Doyle has also learned a lot by watching which apps employees are using and can help spread the word about apps that are growing popular.

The key here is giving employees freedom to add the cloud services they find most useful. Okta supports more than 1,300 apps, and Enterasys lets workers add any of those apps onto their Okta dashboards. "The reason I can rationalize that from an IT standpoint is that the Okta catalog is business apps," Doyle said. "So we're comfortable giving employees that type of access."

Enterasys workers have self-provisioned apps, in addition to the 80 apps that the company has provisioned for them, 814 times, Doyle said.

He was surprised to find that workers were provisioning web sites for airlines and rental car agencies to their Okta dashboards so that they could more easily reach those sites, log in, and manage their reward points or book travel. When Doyle sees certain apps becoming more popular, he'll take a screen shot of his report showing the most popular apps and post that using Salesforce Chatter to relevant employee groups as a way of helping workers learn from each other.

Use of new apps spreads naturally, too, he said. "Every meeting we have, someone has their Okta screen up and people will see the apps they have and say 'oh, I didn't realize we could have that app'," he said.

While Enterasys has clearly accomplished its goal of becoming a "cloud-first" company, it does still use some on-premise apps, including SAP and SharePoint.

Doyle recommends that other companies similarly open up to cloud services but he acknowledges that not all are in the same position. "We have the benefit of being a private company not in a regulated industry. I think the closer you get to being a public company in a regulated industry, the greater the hurdles," he said. "But even in those cases you just have to take the extra steps … to ensure security, compliance and continuity."

From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies