Many organizations are moving to the cloud for one reason: Google Apps/Gmail. The overhead that comes with supporting Exchange, GroupWise or Lotus Notes is simply too high. Gmail is far cheaper, and another advantage of Google is its behind-the-scenes patching, which saves IT from the trouble of downloading patches and pushing them out to every machine.
To save time and money, Cooley Law School turned to NetIQ’s Identity Manager, along with CosmosKey’s Connector for Google Apps. (CosmosKey builds a driver that enables NetIQ’s Identity Manager to communicate with the cloud-delivered Google Apps framework.)
Cooley now uses NetIQ’s Identity Manager to control access and automatically provision users to Google Apps. “Provisioning was a major headache,” Colegrove said. “With more than 3,500 students – who wanted to access email and apps from all sorts of different devices – we just weren’t able to keep up.”
Now, provisioning is automatic. Once an account is created in their existing directory (Novell’s eDirectory), it is automatically propagated in Google Apps. Students have access to a self-service portal for password resets or for simple things like a shift to a different campus or a name change after a marriage.
Before, those were all manual tasks. Colegrove estimates that the shift to Google Apps and NetIQ has already translated into a 30 percent productivity gain for his IT staff.
Cooley also looked to this new IDM solution as the foundation that they could build on to further shift apps and services to the cloud.
“We look at our cloud roll-out as a hub-and-spoke architecture. Identity Management is our hub. The spokes are various apps, with email being the first spoke. With the hub in place, and with the proper access control and identity management as the core of that hub, it’s trivial to add new spokes,” Colegrove said.
One cool app that Colegrove has begun planning for is a tie-in to physical security. Today, if someone is fired or drops out of school, that person’s ID badge may still grant them access to a building or computer lab. “We want to tie that into our IDM system so that the badge would automatically expire too,” he said.
Nathan McBride, Executive Director of IT for AMAG Pharmaceuticals also considered app support as a key factor when selecting an SSO solution, but besides app support he also was looking down the road to mobile support.
AMAG Pharmaceuticals had suffered through the typical process of managing different passwords and user identities for different applications, with users writing down their passwords on sticky notes and misplacing them every time they cleaned out their desks.
In a test, AMAG tried out both with a variety of applications that they wanted to unify under an SSO umbrella. Symplified only had a few applications ready to go, and it would be costly and involve a good deal of integration work to get other key apps up and running.
With Okta, all 18 applications that AMAG needed to test were already available before testing, and more and more applications were being added each week. Of course, AMAG chose Okta.
Now, life is much easier for both workers and IT. IT has fewer moving parts to maintain and support, while employees have only two passwords to keep track of: Google and Okta.
Another thing McBride appreciates about Okta is its ability to support mobile devices.
“A lesson I learned a long time ago is that whenever you take something away from an employee, you should give them something else that’s better,” McBride said. “In the case of SSO, it was more like removing a headache and offering something better. Not only did we remove the need to juggle multiple passwords, but since we shifted to strong 15-character passwords, we’re now able to provide access to any device with a browser.”