This company faced a single sign-on nightmare as it went all cloud

Credit: iStockPhoto

In 2010, networking company Enterasys adopted a new strategy it called "cloud first," where it would  primarily use cloud services rather than deploy and manage on-premise apps.

"There's this idea of how you can work on any device and everyone talks about this as if it's a thing in the future," said Ben Doyle, director of IT applications at Enterasys. But Doyle feels like his company has already reached this efficient, device-agnostic way of working. "I don't use thick client apps. I work on a Mac and I can do things that were unimaginable to me three years ago," he said.

Today, Enterasys has provisioned around 80 different apps for employees, although depending on the workers' job most use between 12 and 20 apps regularly. In addition, employees can now self-provision apps of their choosing and have done so hundreds of times.

The Critical Catalyst That Let This Pharma Company Go 100% Cloud
FINAL WEEK to register for CITE! Don’t miss the Sunday interactive workshops.

Before enabling so many apps, the company knew from experience that it would need to figure out a reliable way to manage them. That's where authentication service Okta came in.

Enterasys first became a Salesforce customer in 2003, with all employees licensed to use the service. Enterasys was using Active Directory to give users a single sign on for applications and wanted to let them use that same sign on for Salesforce. So the company built its own service integration with Active Directory.

Despite its best efforts to make that system reliable and resilient, it wasn't. Enterasys used two web servers so that if one failed it would roll over to the next. "Inevitably something wouldn’t work right and users on one server wouldn't fall onto the other. We ended up in a situation fairly regularly where some portion of our users, up to half, wouldn't be able to access [Salesforce], one of our most mission-critical apps," Doyle said.

That process wouldn't get easier when adding additional web services. Enterasys figured it would cost about $25,000 to do such integration, plus ongoing maintenance costs.

Instead, Enterasys decided to give Okta a try about three years ago. With Okta, users log in to their Okta dashboard using their Active Directory credentials. They add the apps they want to use from the dashboard and launch them from there.

Enterasys pays about $66,000 a year to license Okta, but the savings are huge, according to a three-year Forrester report. (The report was paid for by Okta.)

Over the three years, Forrester said that Enterasys saved nearly $2 million, primarily due to reduced IT time spent provisioning and deprovisioning services (requests were reduced 75 percent with Okta), fewer help desk requests for forgotten URLs and to rest passwords (the number of requests declined by 80 percent), and improved user productivity. Because employees didn't have to remember dozens of different passwords and log-on URLs, their improved productivity was worth $1.3 million over the three years, calculated Forrester (increased productivity of 25 minutes per week per employee for half the workers at the company).

Okta offers Enterasys some other benefits over its old home-grown authentication system as well.

Previously, when people left the company, the person responsible for managing the use of a cloud application at the company might not know, leaving a security hole. With Okta, when IT deprovisions a worker from Active Directory, that person is automatically deprovisioned from all the cloud services that they accessed through the Okta dashboard.

Doyle has also learned a lot by watching which apps employees are using and can help spread the word about apps that are growing popular.