Well known for helping K-12 school districts manage HR solutions with absence management software, this education software company faced its own workforce management challenge caused by its rapid, nationwide growth.
At the company, corporate IT strives to enable people to be more self-sufficient and empowered in doing their jobs, to foster collaboration and teamwork across groups, and deliver solutions that advance the business. The main focal points for the organization are to reduce time spent on the back end, to apply technology to streamline processes, and move more and more functions to the cloud.
With many employees working remotely, the company faced the modern struggle of how to manage distributed teams. To get everybody up and running fast and remove friction while keeping data secure, it needed a way to automate provisioning and password resets, but with a reliable process to revoke access for departing users. “We were looking for a solution to securely automate employee onboarding and offboarding, especially since we’ve grown so much nationally,” shares the company Systems Administrator. Beyond automation, given the e-mail solution is completely hosted, it wanted real-time functionality to match its cloud-based setup.
The IT team was also looking for up to date authentication in the cloud that can tie in both with the cloud-based email system, as well as Active Directory, where all users are stored. The company took a hard look at Microsoft for its Enterprise Mobility Suite and the Azure Active Directory features they offer in the cloud through federation services. With their move to Office 365 the previous year, they considered just pushing more security through the services Microsoft provides, but given its traditional platform focus, they worried about the vendor’s commitment to advancing the identity and access management (IAM) feature set.
OneLogin stood out to them, particularly for its large portfolio of connectors for cloud-based applications. “One aspect we saw right away were the opportunities that OneLogin offers with so many integrations into apps available right out of the box,” recalls the systems administrator. “Another aspect, due to the large number of remote users, was the ability to offer ‘access from anywhere’ no matter where users reside. And as identity management is your entire focus, we feel much more confident in coming to you when we have questions or ideas. Your commitment to improve the product and make it the best --- that’s one of the main reasons we went with OneLogin.”
Single Sign On (SSO)
One of the key benefits of using OneLogin is the single sign on (SSO) functionality. “In terms of impact on the business, IT operations, user experience…SSO makes a big difference. Even though there are multiple ways to connect—mail, web portal, phone or computer, from anywhere in the world—you have a single place to go to for authentication, a single source to go back to if you ever have an issue,” observes the systems administrator. “Furthermore, everybody has access to the apps we have in the portal. SSO provides very intuitive access to all critical applications right away.”
Unique Virtual LDAP Support
Another functionality the IT team is excited about is OneLogin’s unique Virtual LDAP (VLDAP) solution which delivers a secure extension of Active Directory into the cloud, opening up access to all the cloud-based systems with LDAP support. “We’re pushing heavily to move resources out of our domain, and into the cloud, just so that we’re not reliant on any infrastructure, and all the overhead that goes into managing it,” states the systems administrator.
For instance, a cloud-based, mobile device management (MDM) solution by JAMF Software called Casper Suite is used to manage Apple computers remotely. OneLogin’s VLDAP protects the integrity of Active Directory by extending its functionality to a virtual server for secure user authentication in the cloud. “Working with our sys admin and OneLogin to authenticate VLDAP for our MDM solution was a great project; it has proven useful multiple times over as we continue to grow the Mac portion of our user base,” shares a Helpdesk Technician at the company.
Cloud Representation of the User
“What we find highly useful about OneLogin is the cloud representation of a user, comprising their unique information and system access security. We’re still managing them all in Active Directory locally, but since this is their cloud-based representation, that user has information about them, but it also has security about them, what their password is, what groups they belong to, what apps they have access to,” observes the systems administrator.
With this setup, the company is able to leverage the Apple device enrollment program to get new remote employees setup fast, shipping new computers directly to their homes. When new employees turn their devices on the first time and check in, they get automatically provisioned via JAMF with all the applications for their particular role, on day one. This is now saving a very significant amount of time by minimizing physical handling of user computers and responding to individual setup requests.
“Eliminating devices first coming to us, and then having to ship them back out has been huge. Connecting remotely to the new user’s profile through VLDAP really sped up the provisioning process while keeping it secure. And that’s just one example.” says the systems administrator. “We've always liked the OneLogin solution, but the VLDAP Service solidifies our investment in OneLogin as a top internal resource and partner. We’re going all in with our OneLogin investment—this product development is a real differentiator.”
Accelerated Provisioning of Remote Users
User setup for the many apps that have single sign-on (SSO) provisioning through SAML is now easy, fast and secure, thanks to the automation of processes. And for those applications that don’t have provisioning capabilities built in, using OneLogin’s VLDAP functionality really cuts down on the time to manually get them provisioned for hundreds of people. Beyond SSO productivity and security gains, especially given multiple acquisitions bringing in new users that are not connected to Active Directory, setting up all new users remotely and standardizing the process across the company has delivered great time savings.
Rapid Time to Value
While a top management priority at most organizations is to get new employees connected and collaborating as quickly as possible, the company takes it a step further, and expects employee onboarding from acquisitions to be completed within 30 days. “With OneLogin, all we need is an export of all the new users’ Active Directory attributes to be able to create the user accounts and set them up. After that, it’s just a matter of syncing them to OneLogin and adding those licenses to give them access,” comments the systems administrator.
“We are happy to say that after an acquisition, OneLogin enabled us to get all new employees onboarded and collaborating in under a month. So that was just a huge win for us, because I think typically in an acquisition, especially a larger one, it can be 3-4 weeks before people even notice calendar access issues, because they’re in a different Exchange environment. To be able to provide those kinds of solutions within that first month is just a huge win for our company. It’s really hard to quantify the value of getting our employees all communicating and collaborating more quickly, and that’s what OneLogin delivered,” states the systems administrator.
“The biggest difference in terms of security is being able to disable departing employees in Active Directory and boom, access to all the apps in OneLogin is locked in real time. Mobile devices stop authenticating, and if someone wanted to try to go in to export confidential files, they wouldn’t be able to do that. OneLogin provides the automation of security, which is always a priority for us,” says the systems administrator.