Okta OAuth 2.0 with OpenID Web Development

Publish Date: May 1st, 2018

Business Situation

williampitt200x133

William Pitt and Julia B Fee a Sotheby's International Realty affiliate with 1,100 agents and workers made a significant business technology decision to consult with Iron Cove Solutions Developers to implement Okta. William Pitt and Julia B Fee wanted to improve its SSO and identity management requirements. The company needed a more efficient way to provision users to sanctioned applications like Microsoft Office 365, and GSuite on their Agent Connect web portal landing page. They also wanted a way to increase password security leveraging OAuth. The new SSO and identity management requirements would help to satisfy a more secure IT environment, challenging end users with MFA when appropriate, and even reduce or eliminate password re-set tickets.

Customer Profile

William Pitt (WP) and Julia B. Fee Sotheby’s International Realty is the preeminent real estate brokerage firm serving Connecticut, the Berkshires, Mass., and Westchester County, N.Y.

WP contacted us about increasing the security of their Agents. Before the implementation, all workers had the ability to use self-service for passwords of crucial applications. WP wanted a way to control passwords along with increasing productivity while being very cognitive of allowing Agents to continue to work seamlessly.

Agent Connect is a portal landing page for cloud applications. A single source of truth was needed. Leveraging OAuth 2.0 for granting permissions was the only way to increase security across the many cloud applications of this portal landing page.

OAuth is a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

The Team and their Strategy

Working with a dispersed IT team across multiple time zones meant that Iron Cove had to manage a disciplined approach to this project. Project milestones required fluid teamwork in the truest sense and allowed Iron Cove to draw on its deep knowledge from previous Okta deployments to keep the deployment on time and on budget.

Benefits

One Login for applications utilizing OAuth 2.0 for their corporate-sanctioned cloud based apps
Implimented OpenID connect for their Agent Connect web page
Okta simplified end-user access to cloud applications and password resets
Showcased corporates, commitment, to increased security and efficiency

Solution

Experience

Okta Certified Administrator150x150 Iron Cove was selected as the Okta deployment partner because of strong experience implementing Okta in a multi forest, multi AD, complex environment relying on Office 365 as the core of its business productivity apps.

Implementation

In this case, multiple Okta AD agents were installed and configured, allowing for complete synchronization. App assignments from within Okta were made easier by adjusting AD settings to accommodate internal organization requirements. An IWA server was spun up alongside the Okta AD agents for redundancy and to allow for on-premise SSO and domain-validated user access to assigned applications within Okta. The IWA installation meant any domain user logged in to an on-premise domain-joined machine via his or her domain credentials would be seamlessly logged into their assigned applications provisioned in Okta.

The subsequent challenges of setting up the application at this point are to make sure that all Big Bang apps (SSO applications that are all-or-nothing) are appropriately configured for SAML. SAML apps like Workday, ServiceNow, and Innotas were tested in the preview environment, application owners and their teams. MFA was activated for off-premise users, using SMS and Okta verification. After thorough testing and verification, all apps were assigned to end-user groups within AD, pushed into production and rolled out to the end users.

The Result

Upon completion of the project, end-users were exposed to the elegant and easy-to-use Okta interface, and with little delay, they began utilizing application buttons (Chiclets) to launch their apps and streamlining their workflow. Additional corporate-sanctioned apps can be assigned by the AD group and instantly show up on their Dashboard with easy-access and ready to use, and the end-user confusion was minimized by providing a pre and post-launch communication plan.

A high level of adoption for an enhanced environment providing security around sensitive corporate information and applications. As an Okta-certified professional solutions provider, Iron Cove has helped organizations of all sizes become more efficient and more secure by using Okta to manage SSO and identity.