Okta Implementation for Global Agro Company undergoing M&A

23 July 2021

The Client

Large Agrochemical manufacturing company headquartered in India with global operations.

The Need

The client had recently acquired another large organization over several multi-billion dollar deals and was looking at setting up an IAM tool to manage the complete modalities of an identity right from on-boarding, application access to securing their setup and move away from their current setup of the vanilla setup of AD and ADFS. The newly acquired entity was already on Okta.

The Challenge

The client is a 15000+ people organization were looking for an Identity Solution that can connect business units globally while facilitating adoption and ease of inter-organization setup. As the organization revamped its existing infrastructure and setup, we discovered challenges that could impact their entire business structure and needed solutions that can scale quickly while ensuring minimal impact. Additionally, the client was also looking at replacing their HRMS system with SAP SuccessFactors to manage user identities.

Strategy

Star Knowledge having understood the complexity involved, proposes a multi-stage setup that would ensure setting up org to org setup of multiple okta tenants adopted by their independent business units while remaining compliant with their governance rules and at the same time ensuring ease of operation and adoption across all the employees. Once the org-org setup was successful, the organization’s several Office 365 tenants and their users were migrated from ADFS to Okta, which was then followed by the setup of 50+ applications within the OIN network and in-house apps compatible with SSO protocols while still keeping AD as the profile master.

The second phase involved moving away from AD as the profile master to SuccessFactors for managing the FTE users’ onboarding, role-based assignments, and de-provisioning while the contract employees were to be managed using their existing HRMS system which was their secondary source of truth that required user profiles syncs from SuccessFactors and then eventually to AD as an automated workflow orchestration for a complete user lifecycle management using SCIM Server setup and deployment including setup of failover mechanism to ensure minimal risk.

We used Okta’s integrated identity and mobility management solution which offered the Client the ease of use and security they required to connect users to cloud applications. Upon enrolling to Okta tenant, users are automatically provisioned on their Office 365 email and all their applications along with self-service request capabilities.

The client due to having a proxy firewall setup had several challenges with the DSSO setup. We coordinated with their global support IT members to ensure successful Group Policy deployments across all the client-owned assets and ensuring a successful bypass for the DSSO to ensure seamless access to the Okta portal within the network including thick client applications such as Outlook, Teams amongst others.

Results

• Total HR lifecycle automation implementation and orchestration for secure and reliable identity management.
• Increased IT, productivity, and security savings annually
• Automatically group employees into categories to determine which apps they would need, depending on cost center and location.
• Protect company apps and sensitive customer data through multi-factor authentication.
• Integrate DSSO with Active Directory to authenticate users directly against AD for access to all cloud and on-prem apps and asset management.

Technology Used

• SCIM Server
• SF API
• Lifecycle Management
• Single Sign-On
• Universal Directory
• WSS-Proxy Firewall
• Multi-Factor Authentication
• Sign-On and Password Policies
• SAML, OpenID, and WS Federation
• DSSO
• Network and Group Policies

Having Similar Problems? contact us, for your Okta’s requirements.