Just a year ago we rolled out our Enterprise Sandbox feature for Early Preview and a few months later we made it available to everyone. We have seen quite a few of our customers implement Enterprise Sandbox and we wanted to share how they have been using it. But first, let’s clarify what Enterprise Sandbox is in case you aren’t familiar with it.
What is Enterprise Sandbox?
Enterprise Sandbox is a feature that you can add to your main OneLogin plan that enables you to create a full copy of your production environment for testing with the click of a button. This includes your apps, mappings, groups, policies, roles, users and customer user fields among other objects. It does not include certain settings like the connection details for those apps or registered multi-factor authentication (MFA) devices for your users to protect you from mistakenly connecting to any external systems when you are making changes within the sandbox environment.
In addition to our newer Enterprise Sandbox offering, we also have a Developer Sandbox that has been available for several years. The Developer Sandbox is significantly different from an Enterprise Sandbox because it is not a duplicate of the production environment. It has all the same features as your production account, but is a blank slate - it does not contain user info, apps, mappings, etc. This means that Developer Sandboxes can be used to do some simple development and testing, but an Enterprise Sandbox gives you actual production objects to test with.
How is it being used?
There are four main ways that our customers are generally using their Enterprise Sandbox:
- To test changes to mappings
- To test new features
- To test a gradual roll-out of features such as SmartFactor AuthenticationTM
- To do performance testing
Test out mappings
New mappings or changes to existing mappings are one of the most popular features to test out in Enterprise Sandbox. OneLogin Mappings seem like simple “if…then…” statements, but they can quickly become complex. If you have ever worked with simple “if…then…” statements whether as a programmer or simply in an application like Excel, you know that you can very easily make a mistake: you mistype a string or put in greater than (>) instead of less than (<). Making these kinds of mistakes in a production environment can have some serious repercussions. You could very quickly remove access to particular applications to hundreds if not thousands of your users or change the security policy assigned to them and now require MFA when none of them had any MFA devices registered, resulting in an onslaught of helpdesk tickets. By using Enterprise Sandbox, our customers can create their mappings in the Sandbox, test them out, make sure they have the intended effect, then roll them out to their production environment.
Experiment with new features
As a cloud-based solution, we are often rolling out changes to our UI to improve user experience, but we also understand that these changes can cause confusion with end-users if they are not prepared for the changes ahead of time. For example, we recently made some changes to our user profile page. Many customers used their Enterprise Sandbox not only to test the new page, but to also document and train their users before the change was rolled out to their production environment.
Gradually roll out a new feature
Certain features also may take a bit more time to get used to and you might want to test them against multiple use cases. Our SmartFactor Authentication feature includes several of these types of features including Smart Access, Smart MFA and custom login flows, i.e. Smart Flows. It is one thing to understand that SmartFactor Authentication might deny a user access if they log in from a totally new location. It is another to test this out and try different systems, different browsers, different times of day and see what happens. Some customers use VPNs and want to see how the VPN usage can affect SmartFactor outcomes. Implementing custom login flows like Smart Flows can require even more testing to make sure that administrators and users are comfortable with new flows like a passwordless login flow. Again, the ability to roll out these features in a sandbox environment and test them with actual users can be key to a successful implementation and adoption.
When OneLogin is used to authenticate your customers, performance is key. You are no longer working with just hundreds of employees as your users, but hundreds of thousands of customers or more. You need to make sure that whatever system you use to manage the authentication and identities of those customers can handle the load. Our HydraBoost capability can handle 1 million authentication requests per minute, but don’t take our word for it - Enterprise Sandbox gives you a near-production test platform to test those flows and get an idea of how your actual production environment will respond.
These are just a few of the ways our customers have implemented the Enterprise Sandbox. Your company’s security and how users access data is of the utmost importance to most organizations. Any changes to how that process works can have serious consequences, cause outages, and create a loss of trust in the systems that have been put in place. The ability to test those changes before they are implemented can help avoid these types of outages and possible security vulnerabilities. Check out our Enterprise Sandbox feature to see how it can bring value to your organization and OneLogin implementation.