We implemented OneLogin as a safer Identity Provider (IdP) to single sign-on, and then provided the two-factor authentication... we felt the implementation went very well and it provided the solution we wanted.
The British Red Cross, established in 1870, helps people in crisis, whoever and wherever they are. It is part of the International Red Cross and Red Crescent Movement, the world’s largest independent humanitarian network, responding to conflicts, natural disasters and individual emergencies around the world.
In the UK, the British Red Cross has 300 sites and 300 offices, staffed by 2,500 permanent employees and 20,000 volunteers, all dedicated to providing support for refugees, independent living, mobility aid, educational services, and other services to support some of the UK’s most vulnerable people.
Challenges
With staff and volunteers providing such critical support to those in need, it is essential that the technology used is not only reliable, but scalable and agile, enabling them to quickly and efficiently implement focused aid efforts whenever called upon.
Of the thousands of permanent employees and volunteers spread disparately around the UK, up to 2,000 log in to the British Red Cross’ systems. To ensure secure access, often remotely, to British Red Cross assistance and the organisation’s modern technology solutions such as Office 365, whenever and wherever required, enabling single sign-on (SSO) was a priority.
However, the organisation required more than SSO. Its work with organisations like the NHS means that it must have Level 2 compliance, and two-factor authentication is the clearest route to fulfilling stringent access criteria.
Delivering a SSO solution that ticked all the boxes for compliance, and ensured secure remote access to its services was imperative, but even more critical was providing a solution that would affect actual cultural change within the organisation. Multi-factor authentication was an alien concept to many of its volunteers. As such, the technology would be ineffective, unless the British Red Cross could provide a solution that would be easy to use and encourage positive uptake.
Solution
The British Red Cross already had Microsoft Active Directory Federation Services (ADFS) in place, but to achieve the compliance necessary to work with external partners and businesses, and also ensure its user communities could access business applications securely via SSO, the IT team identified that a Software as a Service (SaaS) solution would provide everything required.
After considering numerous options, research indicated that OneLogin was the strongest provider of SSO integration, providing the functionality required for the immediate operational needs of the organisation, and the scope to roll-out further cloud applications in the future, as required.
Results
“The roll-out was completed in two phases for us. We implemented OneLogin as a safer Identity Provider (IdP) to single sign-on, and then provided the two-factor authentication for our internet-facing, key business applications. From our perspective, we felt the implementation went very well and it provided the solution we wanted” said Phil Paul, Head of Service Delivery, at the British Red Cross. “The planning took a few weeks, but we transitioned from the Microsoft solution to OneLogin in just one evening. Ensuring implementation happened seamlessly was of the utmost importance to us and we didn’t experience any disruption to our Office 365 service, so from that perspective, it was a very successful transition.”
The main benefit was to ensure partner compliance when working with organisations such as the NHS. OneLogin’s solution means that the British Red Cross can submit Level 2 compliance documentation to any partner, effortlessly ticking every box.
Why OneLogin?
OneLogin brings speed and integrity to the modern enterprise with an award-winning single sign-on and identity management platform. Our portfolio of solutions secure connections across all users, all devices and every application, helping enterprises drive new levels of business integrity and operational velocity across their entire app portfolios.