OneLogin was the perfect solution for bridging the identity gap between our HR and User Directory systems as well as our entire application landscape going forward.
As a global asset management firm with over 1,500 employees, this company is in the process of shifting IT operations towards a more cloud-based infrastructure and application set. Its VP of IT was seeking an identity and access management (IAM) solution to solve a number of challenges exacerbated by its rapid growth.
Challenge
While SAML had been on his radar for several years, existing approaches involving SAML authentication were resource-inefficient. Further, their local cache-based password management system was unstable and could not scale to their requirements. And employees, contractors and partners were struggling to cope with multiple passwords.
As Workday drove identity, the firm lacked user synchronization with Active Directory (AD). This meant that there was a great deal of manual effort involved in updating AD with any attribute changes. This was linked to another problem – the need for a SOX-compliant audit trail with instant revocation of application access upon employee job transition or termination.
Lastly, thousands of user credentials floating around were inconveniencing users, and introducing significant risk to the business.
Solution
The organization’s primary goal with single sign-on (SSO) was to eliminate passwords entirely. This business has taken a hard stance against non-SAML-enabled apps. OneLogin has enabled the firm to deliver secure and convenient access to all their applications.
With Desktop SSO, users simply log into their Windows PCs as normal and transparently authenticate to their domain and cloud services.
While Active Directory continues to serve as their primary user directory, OneLogin’s tight integration with Workday has effectively bridged that gap and eliminated the effort of manually updating user attributes.
This integration has enabled the firm to add and remove new apps and users with newfound ease and peace of mind. “OneLogin has been huge with onboarding employees and setting up accounts,” said the VP of IT. Also, by leveraging the integration with Duo Security, they have extended two-factor authentication to their VPN, virtually eliminating the risk of unauthorized access to both on-premise and cloud resources.
OneLogin’s reporting functionality is, as the VP of IT put it, “the right way to do it,” as it has given the firm visibility into current and past information about application access.
Results
Since the rollout, the firm has been able to save an enormous amount of time and effort involved in manually syncing user data between systems. They have effectively eliminated passwords from the user experience and from potential leakage or theft. They are now able to demonstrate SOX compliance through improved audit capability and access controls. Looking forward, the firm is prepared to securely deliver any app to any user at any time. As the VP of IT says, “it has made our lives immensely easier.”
About OneLogin, Inc.
OneLogin brings speed and integrity to the modern enterprise with an award-winning SSO and identity-management platform. Our portfolio of solutions secure connections across all users, all devices, and every application, helping enterprises drive new levels of business integrity and operational velocity across their entire app portfolios. In June 2015, Forrester Research named OneLogin as a leader in cloud identity and access management. The choice for innovators of all sizes such as Condé Nast and Steelcase, OneLogin manages and secures millions of identities across more than 100 countries around the globe.