With 450 employees and an external network of 1,100 financial advisors serving 320,000 clients, Lincoln Investment offers high-quality investment and insurance products, service and support to help investors achieve long-term financial goals.
Its AdvisorLinc portal, with up to 250,000 logins per month, was natively developed in-house, and provides access to client data as well as investment products and information, while serving as a gateway to several internal and external apps.
"For IT, OneLogin is really easy to administer, and from a field perspective, we have a very high level of adoption, with ease of use being the primary driver."
VP Application Development, Lincoln Investment
Security is a highly sensitive topic in the broker-dealer industry, as overall trust has been impacted by adverse publicity and resulting regulations. In addition, new ideas and innovation from fintech companies are forcing companies to reevaluate and adjust to strengthen their value proposition for advisors and clients.
Lincoln had the foresight to embark on a technology transformation with increased security and ease of use as a competitive advantage, with an identity and access management (IAM) system being a key element. "We put information security as a top priority, and identity management and multi-factor authentication as a very important factor to help us stand out from competitors," says Guru Rao, Vice President of Application Development with Lincoln Investment.
For its office employees, Lincoln was evaluating several standard cloud apps, including G Suite, Slack and Zendesk, as well as internally-developed tools. Access for employees and advisors to the external portal apps were driven through Windows Active Directory (AD), with simple username and password access.
Lincoln was looking to give end users easy access to a single pane view of all apps relevant to them, with secure, role-based access control via a centralized platform. Rao wanted to maintain the ease of use advisors were accustomed to with AdvisorLinc, while adding security and multi-factor authentication (MFA).
"As we sought to create an identity management system, we realized the enormity of potentially having to manage thousands of identities across several internal applications. It would have been a huge effort to build and manage ourselves, given all the other priorities at that time. So we needed something that was universally accepted, and started to evaluate OneLogin," says Rao.
To tackle the goals, business and technical requirements, and evaluation process, in addition to his own staff, Rao assembled a task force at Lincoln which included:
- Chief Information Security Officer: penetration testing and vendor security
- Product and software engineering: ownership and detailed knowledge of internal applications
- Head of IT operations: ownership of IAM solution, proof of concept
- VP Application Development: strategic perspective, integration, viability of solution.
Security, Prototype and Responsiveness
The team found that most of the cloud apps they were using, including G Suite, Slack, and Zendesk, had OneLogin SAML connectors pre-built and ready to go. So once they downloaded and configured the OneLogin instance, "it was very easy to get everyone underneath the security umbrella. We did a thorough evaluation of OneLogin, including penetration tests," says Rao.
"OneLogin was very helpful in providing us a free trial, so we could build a prototype. This was very important to us, that we were able to test everything and ensure it worked. We could actually see an end product, working for us even before we purchased, so that was pretty important. OneLogin was very responsive throughout, even providing us with advice to customize some of the apps, and that basically made this compelling for us," states Rao.
Reflecting on the importance of app integration, Rao continues, "The wide acceptance of SAML apps by OneLogin was critical. Our advisor portals are internally built and on-premises applications. The ability to configure a custom SAML connector for our in-house application really worked out. Also, we used OneLogin itself to configure Smarsh, which is a big regulatory need in the broker dealer industry."
Implementation and Rollout
"The ability to roll out in groups is another big plus for OneLogin. With so many tools out there, it’s all or nothing. We carefully categorized users, mapping them into various roles and groups, so we were able to gradually roll this out, on budget, without causing a lot of disruption in the field. For an organization this large, that was really the icing on the cake," observes Rao.
"We have a single directory because the majority of our in-house applications were already using Windows AD-based authentication. So it was easy for us to take our entire directory and sync it up through OneLogin and available to use there. When we implemented OneLogin, that aspect became relevant to use across all internal apps," recalls Rao.
Professional Services and MFA
Rao wanted to ensure that the rollout to the field, particularly OneLogin Protect for MFA, was completed in a non-disruptive manner, so Lincoln engaged with OneLogin Professional Services. They worked together, scheduling weekly calls to identify and prepare apps for integration, and rolled them out methodically, starting with IT to ensure that everything worked. Onboarding other divisions within company offices came next, and finally field users in different groups. For Lincoln’s internal application, the initial roll out was single factor. Once everyone had adapted to it, they began the MFA rollout accordingly.
"Because of how we used user mappings in OneLogin and configured them, it was really easy for us to provision them into the right group, and give them immediate access," states Rao.
"Ultimately, the fundamental reason to select, and the greatest benefit to using OneLogin is that it was simple enough for us to plug in all of our apps. For IT, it is really easy for us to administer, and from a field perspective, we have a very high level of usage, with ease of use being the primary driver," says Rao.
"Similarly, when we were offboarding users, we immediately needed to terminate access, it was very easy to just go into OneLogin and deactivate the profile so that they no longer had access to anything. The ease of use has been the biggest factor in getting this rolled out across the enterprise," continues Rao.
"Lincoln is in the middle of a technology transformation, including our applications infrastructure, and data center. OneLogin was a good fit in terms of being able to use the solution, because it is a key part of both our transformation as well as a security mindset. And while it has definitely increased IT and user efficiency, because we’re planning to double in size, OneLogin was much more about helping us to scale than cost savings," says Rao.
"In financial services, you often hear a lot of negative feedback from people when rolling out changes they don’t see as helpful. When we rolled out OneLogin, they just were able to use it and go through that adoption process. That is a testament to the simplicity and ease of use of OneLogin," concludes Rao.
OneLogin brings speed and integrity to the modern enterprise with an award-winning single sign-on and identity management platform. Our portfolio of solutions secure connections across all users, all devices and every application, helping enterprises drive new levels of business integrity and operational velocity across their entire app portfolios.