20 May

OKTA IAM Implementation for a Travel Management Company

Posted at 12:22h in Case Studies, Managed Services by Star Knowledge 0 Comments

2 Likes

The Client

A large global corporate travel management company.

The Need

The client having its presence across several countries was looking to set up an IAM tool and was looking to identify a solution and made a decision to implement Okta. The client used several applications both internally managed as well as SaaS and wanted to manage the SSO experience and the MFA for their apps outside their network and control access to their Windows and Linux servers through Radius and MFA integrated with Okta.

The Challenge

The client had Microsoft AD to manage their users and contractors, and that was becoming a challenge to manage the identities as well as with the growing application landscape, the dependence on the IT team was becoming a major bottleneck. Additionally, due to the credentials being stored locally on the browsers, the client was facing several challenges and wanted to extend the same to their servers bound with MFA.

Strategy

The client had recognized the need for integrating an IAM framework and solution to deliver reliable, scalable, and Secure access to systems and applications and for the proposed IAM solution to be an enabler to meet the objectives of the Client’s business vision and goals with the capability to enable the business and the wider user base to seamlessly and securely access the applications and data both within the internal environment and the cloud-enabled applications with self-service capabilities.

The client selected Okta’s identity and management service for its ability to put user identities at the center and secure access while also ensuring top-rate user experiences. The client adopted a number of Okta products, including Single Sign-On, Universal Directory, Lifecycle Management, Multi-Factor Authentication, and Radius MFA solutions for organization-managed servers.

Star Knowledge understanding the client’s requirement and the IT setup, proposed to set up Okta and integrate their existing applications which were supported with OIDC/SAML/ Oauth2.0 in the initial setup (Office 365 with 8 domains and rolled out systematically) and for the applications that did not support the required protocols where converted into OIDC applications for a seamless experience. A few third-party applications that were not supported with either option were integrated with the SWA approach bound by MFA under all conditions.

Further, there were certain challenges with the setup as a few servers required certain patches and setup with Radius integrated with Okta MFA to add an additional layer of security. We set Active Directory as the master, adding and updating employee profile information. Desktop SSO was deployed for a seamless login experience.

Additionally, there were cases of users getting locked out due to certain IPs trying to use brute force login and were blocked for the identified geographies. We set up several Network and Okta Signing policies to avoid unauthorized access.

Results

Unified experience with Okta’s integration for SSO experience and security management integrated with Active Directory to authenticate users directly with DSSO and user management.
Ease of IT management with self-service requests for applications.
Protect company applications, on-premise servers, and sensitive customer data through multi-factor authentication.
The client coincidentally was able to identify a fraudster who had siphoned nearly $35000 USD within the first month of deployment.
The client gained IT visibility, productivity, and security savings annually.