In preparation for the migration, the company had gone through the process of cleaning up duplicate records and redundancies in Active Directory (AD). The next step was to configure Active Directory Federation Services (ADFS) and Forefront Identity Manager (FIM), which would involve deploying servers in multiple data centers as well as configuring each component for Office 365.
IT Director, Infrastructure
While the company was technically capable of getting federation for Office 365 working with ADFS, that approach would have involved additional servers and licensing from Microsoft. Looking at the roadmap of cloud apps to come, and the disadvantages of building out their own, in-house ADFS infrastructure, the company made the decision to find a solution that would simplify the process, on a per app basis. They also needed an identity solution for internally-developed web and mobile apps, including their point of sale and inventory management systems.
In addition, it was looking to expand its identity management program to allow partners and other external users to collaborate more effectively with company employees.
It was clear that partnering with an Identity as a Service (IDaaS) vendor had the potential to drastically simplify the rollout of Office 365, as well as serve as a vehicle for future apps provided by other vendors. “Our main concern was speed to deployment. We wanted to leverage our investment with Microsoft in licensing Office 365 for the enterprise quickly. We had to either build out an ADFS infrastructure or go with an IDaaS solution,” said the IT director of infrastructure.
But concerns about the high number of users, employee/contractor/partner mix and geographically dispersed nature of its user base presented a complex challenge for a cloud solution. With a short call to a OneLogin sales engineer, setup with the OneLogin Active Directory connector (ADC) predicted a smooth implementation, enabling company IT staff to focus on the migration.
The company uses the OneLogin ADC to synchronize nearly 20,000 identities to OneLogin, which enables automated provisioning of the users into Office 365. They “flipped the switch” to enable federation late on a Friday evening without missing a beat, and never looked back. From then on, all employees were authenticating and signing into Office 365 via OneLogin.
Partnering with OneLogin eliminated the need to expand into a complex, on-premise Microsoft infrastructure in order to support Office 365, saving significant time as well as maintenance and licenses associated with server hardware and software.
With a growing, internally-developed application set, the company leverages OneLogin toolkits and other resources to enable their web and mobile apps with SAML and Native Applications (NAPPS), delivering the same level of centralized security and user convenience they enjoy with their third-party apps. “We wanted to do something different with authentication to make things simpler. SAML seemed like a better solution and OneLogin’s SAML toolkit looked attractive.”
For external users, the company has been able to provide stronger VPN authentication for temporary contractors via the OneLogin one-time password (OTP). This new system has also displaced costly hardware tokens.
By its sheer magnitude, the company is a complex organization. As with any organization of this size, it requires simplicity and security.
Thanks to these new measures, it was able to simplify migration, provide “anywhere access” to Office 365, enforce multi-factor authentication and authorization for all apps (including internally-developed ones), and deliver secure access to external users. The company has also reduced IT complexity, enhanced security and made significant strides in business agility.
OneLogin brings speed and integrity to the modern enterprise with an award-winning SSO and identity management platform. Our portfolio of solutions secure connections across all users, all devices, and every application, helping enterprises drive new levels of business integrity and operational velocity across their entire app portfolios. The choice for innovators of all sizes such as Condé Nast, Pinterest and Steelcase, OneLogin manages and secures millions of identities around the globe.