"Because we serve the banking industry, security and regulatory compliance are essential for us. OneLogin Desktop lets us bind a local computer user to their cloud identity, authenticating them to cloud services without going through a VPN or Active Directory."
This company’s loan origination software helps banks and credit unions streamline the process of assessing and granting requests for loans. Lending institutions achieve increased efficiency, transparency, profitability, and regulatory compliance and their customers benefit from faster loans.
Challenge
Managing Macs and Mobile Workforce
As a rapidly growing company with a reputation for agility, it had to find a way to manage mobile and central office user access to a variety of cloud applications. “We wanted a solution that was both Windows and Mac compatible,” says the Manager of Security Operations. In determining how to best manage remote employees, he considered whether or not to “try to shoehorn Active Directory into managing Macs.” He shares, “We just wanted to manage people’s credentials all through the cloud without them first having to boot up a VPN.”
Removing Friction for Employees
After reviewing how many cloud apps the company uses, the IT team knew they needed an identity and access management (IAM) system—not only for security but also to help employees be efficient. “Passwords are a pain point. Logging in shouldn't be people’s job: their job is to do great work. To be competitive as a business, you must remove as much friction as possible,” says the manager.
He continues, “We wanted one place where people could log in securely and have all their application tiles open up. It was confusing for new employees to come into our environment, realize that they had access to 15 different websites, and were supposed to remember all of them.”
Hitting an Efficiency Bottleneck and Needing Automated Responses to Threats
Employees were bottlenecked managing passwords, as was IT for provisioning and deprovisioning users. They were having to go through 15 different cloud services, as well as an on-site Active Directory server to terminate people. Because the company works with financial institutions, it also has to meet and demonstrate compliance requirements.
The IT team was already planning to use Cloudlock (now part of Cisco), a leading cloud access security broker (CASB), to enforce security policies and defend against attacks to key cloud applications, like Salesforce. So they wanted an IAM solution that integrated well with Cisco Cloudlock for comprehensive security.
Solution
After testing solutions from Okta and LastPass Enterprise, the company decided to go with OneLogin for identity management. The manager states, “We found that for everything we wanted to do, OneLogin was straightforward and easy. We got the quickest value out of it and the best support. OneLogin support engineers answered our questions rapidly, too.”
OneLogin Desktop for Frictionless Access and Security
To start with, the company uses OneLogin Desktop to solve the problem of managing access for remote employees and Mac users. The manager explains, “There’s always been a laptop password policy, but that was a local account unrelated to anything else. Now, the local account is directly tied to their OneLogin account, and the password is the same. That's one less password to remember.”
"Our users love OneLogin Desktop because it reduces friction, enabling them to access all web services simply by entering their laptop password—without the hassle of VPN," he adds.
Improving the employee experience while enhancing security, OneLogin Desktop provides a form of multi-factor authentication (MFA). It installs a certificate specific to a user and laptop, which provides the first factor of authentication. The second factor is the user’s password, giving them access to their applications.
Results
Greater Security with Less IT Load
Being able to use the same tools across different web apps lightens IT’s security workload. The manager affirms,“My job is to implement security policies and to make sure they're being adhered to. Not having to jump into a different system just to create the policies that our company needs is a big advantage.” As an innovator in cloud banking technology, the company seeks to be on the cutting edge of the security tools available, to monitor user behavior and enforce policy as needed. The way OneLogin and Cisco Cloudlock interact with each other works particularly well for them. “With Cloudlock and OneLogin, the ability to craft policies around user behavior is crucial to a consistent and reliable security approach. We don’t have to create policies in multiple tools like Salesforce, Slack, and so on. Instead, the policies are defined in OneLogin and Cloudlock and are applied across all apps,” says the manager. This not only saves time, but also protects against the risk of error when managing multiple applications and varying security settings.
Increased Employee Satisfaction and Adoption
The company made its most vocal users beta users for Desktop for Mac, and they were blown away. “They were actually upset that it worked so well—they were upset that it wasn’t available when we first rolled out OneLogin,” shares the manager. “And they turned into our biggest promoters, telling other team members they should get OneLogin Desktop because it really does save time.”
Easy Reporting, Compliance and Cost Control
OneLogin enables the IT team to generate centralized reports in a few clicks, helping them demonstrate compliance easily and gather useful insights. Gaining insight across the whole company about who has access to which cloud apps can be difficult, but with OneLogin, IT can immediately understand license count, and how often someone accesses something, enabling them to tune or reduce seats as needed.