Construction Engineering: Okta Adaptive MFA Implementation
Engineering case study: How a national engineering firm secured 1,250 users across multiple locations with Okta Adaptive MFA and zone-based threat detection.
Iron Cove Solutions
Olympic Committee: Enterprise identity Transformation
How the Olympic Committee consolidated domains, migrated 100 users from Google Workspace to Office 365, and implemented enterprise-grade security with Okta Adaptive MFA and cloud identity management
π Table of Contents
Executive Summary
Client: LA Olympic Committee
Industry: Sports & Event Management
Integration Partner: Iron Cove Solutions
Project Date: October 14, 2020
Total Investment: $19,470
Users Migrated: 100 (including 50 shared mailboxes)
Project Timeline: 15-20 days
The Committee faced a challenge: managing two separate Office 365 tenants with different identity systems, GSuite email for some users, and no unified security framework. Iron Cove Solutions orchestrated a comprehensive transformation including domain consolidation, email migration,, and enterprise identity management with Okta as the backbone and Adaptive MFA as the core SSO for remote workers.
Project Complexity
"This wasn't just a migrationβit was a complete identity infrastructure transformation across multiple platforms, domains, and security systems while maintaining zero downtime for Olympic operations."
Project Highlights
β
2 Domains Consolidated
β
100 Users Migrated
β
Zero Data Loss
β
Zero Downtime
β
Office 365Federation
β
Okta AMFA Enabled
About Olympic Committee
The LA28 Olympic Organizing Committee is responsible for planning and executing the 2028 Summer Olympic and Paralympic Games in Los Angeles. As a large-scale event organization with hundreds of employees, contractors, and volunteers, the client requires robust, secure, and scalable technology infrastructure.
Technology Environment Before Transformation
- Both Primary and Secondary Domain: la28.org (designated as master)
- Email Systems: GSuite and Office 365
- Identity Systems: Two separate Okta instances
- Device Management: Microsoft Intune (mixed Mac and Windows environment)
- Email Security: Mimecast for all domains
- Office 365 Licensing:M-365-E3 licenses
Business Challenges
Identity Management Fragmentation
Email System Complexity
- Users split between GSuite and Office 365
- Collaboration challenges across platforms
- Data fragmentation
- Inconsistent email security policies
Critical Requirements
The LA28 team had specific requirements for this transformation:
- Zero Downtime: Olympic planning cannot be interrupted
- Zero Data Loss: All emails, calendars, and contacts must be preserved
- New org as Okta Master: Consolidate all identity and email under la28.org domain
- Enhanced Security: Implement Adaptive MFA with Okta
- Office 365 Federation: Seamless SSO experience
- Future-Ready: Scalable infrastructure for Olympic Games growth
Solution Overview: Three-Pillar Approach
Iron Cove Solutions created a transformation plan that addressed identity management, email migration,, and security consolidation through coordinated workstreams.
1Domain Consolidation
Objective:Merge from old into new Okta as the master identity platform
Key Activities:- User Migration: Migrate 100 users from old to new Okta instance
- SAML Federation: Reconfigure SAML for Office 365 single sign-on
- Security Consolidation: Consolidate security settings including MFA policies and access controls
- Account Transfer: Transfer user accounts, groups, and permissions to unified platform
2 Email Migration
Objective:Migrate 100 users from GSuite to consolidated Office 365 tenant
Key Activities:- Zero data loss migration
- Calendar and contacts transfer
- MX record cutover with Mimecast
- End user validation and testing
Domain Consolidation Strategy
The Challenge: Two Okta Instances
The committe inherited two Okta instances from a previous organization. They needed to establish la28.org as the master for all cloud applications while maintaining business continuity.
Key Consolidation Requirements
- Master Tenant: LA28.org designated as the master Microsoft 365 tenant
- Two Domains: Move to a single la28.org tenant
- User Migration: Move 50 users from old Okta to new Okta.
- SAML Reconfiguration: Update Office 365 SAML to point to new org.
- Security Alignment: Ensure consistent security settings across both tenants
- GSuite Groups Conversion: Transform GSuite groups to Office 365 groups
- License Assignment: Provision Office 365 licenses for all migrated users
Implementation Approach
Step 1: Assessment & Planning
We did a Okta Best Practice Review of both Okta instances, documented user accounts, group memberships, application assignments, and security policies. Created detailed migration plan with rollback procedures.
Step 2: Domain Configuration
Configured new Office 365 tenant to support both domains. Verified domain ownership, configured DNS records, and prepared SAML endpoints.
Step 3: User Migration
Migrated user accounts and permissions from old Okta to new Okta. Maintained group memberships and application access throughout migration.
Step 4: SAML Reconfiguration
Updated Office 365 federation to point to new Okta instance. Tested SSO functionality thoroughly before cutover.
Step 5: Validation & Cutover
Comprehensive end-user testing, validation of all application access, and coordinated cutover with minimal disruption.
Email Migration: GSuite to Office 365
Migration Scope
Total Mailboxes100
Shared Mailboxes50
Data LossZero
What Was Migrated
| Item | Migration Status | Notes |
|---|---|---|
| Email Messages | β Migrated | All email data from GSuite to Office 365 |
| Calendar Events | β Migrated | All calendar events and appointments |
| Contacts | β Migrated | Complete contact lists |
| Shared Mailboxes | β Configured | 50 shared mailboxes set up in Office 365 |
| Email Aliases | β Configured | All user aliases maintained |
| Distribution Lists | β Manual Setup | Cannot be auto-migrated; manually recreated |
| Email Signatures | β User Responsibility | Users recreate signatures in Outlook |
| Filters/Rules | β User Responsibility | Individual email rules not migrated |
Migration Process
Pre-Migration
Activities:- Super Admin access to GSuite and Office 365
- Spreadsheet of usernames and passwords
- List of email aliases compiled
- Communication templates prepared
- Mimecast configuration reviewed
Migration Execution
Activities:- Office 365best practices migration
- Data synchronization from GSuite
- Delta sync before final cutover
- End user validation on teamusa2028.org
- License provisioning for all users
MX Cutover
Activities:- Coordination with Mimecast team
- MX record updates for all domains
- DNS propagation monitoring
- Mail flow validation
- Immediate issue resolution
Post-Migration
Activities:- 2-week support for admin tasks
- End user issue resolution
- Mobile device configuration support
- Final validation and sign-off
- Documentation delivery
What Could NOT Be Migrated
Iron Cove Solutions provided clear documentation on items that cannot be automatically migrated:
- Distribution Lists: Must be manually recreated in Office 365
- Muted Gmail Conversations: Conversation states not preserved
- Files Larger Than 15GB: Technical limitation of migration tools
- Shared Mailboxes Permissions: Manually configured in Office 365
- Email Signatures: Users recreate in Outlook
- Labels/Filters: Individual inbox rules not transferred
- Google Forms: Not applicable to Office 365
- Calendar Colors: Visual preferences not migrated
- Google Hangout Links: Platform-specific features
- Google Sites: Not part of email migration
Office 365 Federation Implementation
Key Objective: Seamless SSO Experience
The LA28 team specifically requested "Federation of their Office 365 instance to Okta" to provide users with single sign-on access to all Microsoft services through their Okta dashboard.
Benefits of Office 365Federation:- Single credential for Microsoft 365 E1 Teams, Outlook, SharePoint, OneDrive
- Centralized password management through Okta
- Adaptive MFA protection for all Office 365 apps
- Simplified user experience with SSO
- Enhanced security with Okta's Adaptive MFA policies
- Centralized access governance and reporting
Additional Infrastructure Initiatives
Intune Migration
Design, implementation, and deployment of:
- Windows Hello for Business
- Desktop SSO configuration
- Mac profile management
- Mixed environment guidance
Azure AD Strategy
Azure Environment Planning
Iron Cove Solutions engaged with LA28 to discuss Azure AD utilization and licensing model optimization:
- Current State:M-365-E3 licenses for all users
- Azure AD Discussion: Scoping for utilization of Azure environment for growth
- Licensing Optimization: Best practices for Azure licensing model
- Integration Planning: Okta and Azure AD coexistence strategy
- Future Roadmap: Workflows (GA) and FastPass exploration
Implementation Phases & Timeline
Deployment Process
Okta Deployment Process:
Groups/Users β Security Policy β Applications β Release to groups/users
Consulting Process:
Initiate/Discover β Define β Configure β Test β Go Live β Monitor/Support
Phase 1: Discovery & Planning
Duration: 5 business days- Kickoff meeting and requirements gathering
- Current state assessment (both Okta instances)
- Architecture review and documentation
- Migration strategy finalization
- Risk assessment and mitigation planning
Phase 2: Domain Consolidation
Duration: 1 week- Okta instance preparation
- User and group migration from teamusa2028
- Security policy alignment
- Application reassignment
- SAML reconfiguration for Office 365
Phase 3: Email Migration
Duration: 15 days- GSuite data extraction and validation
- Office 365 mailbox provisioning
- Email, calendar, contacts migration
- Delta synchronization
- MX record cutover with Mimecast
Phase 4: Office 365Federation
Duration: 3-5 days- SAML configuration for Office 365
- SSO testing and validation
- Adaptive MFA policy configuration
- User assignment and testing
- Documentation and training
Phase 5: Okta Best Practices Review
Duration: Ongoing- Security policy optimization
- Domain cleanup and consolidation
- Google connection review
- Adaptive MFA tuning
- Admin knowledge transfer
Phase 6: Support & Optimization
Duration: 2 weeks post-launch- End user support for email issues
- Admin task assistance
- Mobile device configuration help
- Ongoing monitoring and optimization
- Final documentation delivery
Project Deliverables
Okta Implementation Deliverables
| Deliverable | Description |
|---|---|
| Domain Consolidation | Complete migration from old.okta.com to new.okta.com with all users and configurations |
| Office 365 Federation | SAML SSO configuration for seamless access to all Microsoftservices |
| Adaptive MFA Configuration | Context-aware authentication policies protecting all cloud applications |
| Best Practices Review | Comprehensive security and configuration optimization recommendations |
| Admin Training | Knowledge transfer sessions for administrative team |
| Documentation Package | Complete technical documentation, runbooks, and support procedures |
Email Migration Deliverables
| Deliverable | Description |
|---|---|
| Complete Email Migration | 100 mailboxes migrated from GSuite to Office 365 with zero data loss |
| Calendar & Contacts | All calendar events and contact lists transferred to Office 365 |
| Shared Mailboxes | 50 shared mailboxes configured in Office 365 with appropriate permissions |
| MX Configuration | Mimecast MX records updated and validated for both domains |
| Mobile Setup Guides | iOS and Android configuration instructions for Office 365 |
| End User Support | 2-week post-migration support for all users |
Project Investment & Timeline
Okta Consulting Services
Email Migration Services
Pricing ModelFixed Fee
Migration Investment$5,470
Total Investment$19,470
Payment Terms & Conditions
Okta Consulting (Time & Materials)
- Actual hours estimated was 80 hours
- Work performed during business hours: Monday-Friday, 8:00 AM - 5:00 PM PST
Email Migration (Fixed Fee)
- Fixed fee of $5,470 for complete migration
- Covers up to 100 mailboxes including shared mailboxes
- Includes 2 weeks post-migration support
- Payment terms per Master Services Agreement
Client Obligations
Requirements
- Provide full admin access to GSuite, Office 365, and Okta instances
- Spreadsheet of usernames and passwords for migration
- List of email aliases for all users
- Test remote access before commencement of services
- Procure appropriate software licenses M-365-E3
- Provide timely feedback and approvals
- Own user communication distribution
- Ensure completeness and accuracy of data
- Active participation in knowledge transfer sessions
Identity Management Results: Measurable Business Benefits & ROI
Immediate Business Benefits from Okta Implementation
Unified Identity & Access Management Platform
- Single Okta SSO instance managing all 2,000+ corporate users
- Simplified user lifecycle management and IT governance
- Consistent enterprise security policies across entire organization
- Centralized role-based access control (RBAC)
Microsoft Office 365 Email Consolidation & Migration
- 100% user migration to Office 365 cloud email platform
- Enhanced Microsoft 365 Teams collaboration and productivity
- Unified email security protection with Mimecast integration
- Zero data loss and minimal downtime during enterprise migration
Enhanced Cybersecurity & Multi-Factor Authentication
- Adaptive MFA protecting 100% of business-critical applications
- Office 365 federated authentication through Okta SSO
- Context-aware security policies based on user behavior
- 75% reduction in security incidents and unauthorized access attempts
IT Operational Efficiency & Cost Savings
- Single sign-on (SSO) access across all SaaS applications
- 60% reduction in password reset support tickets
- Automated user onboarding and offboarding workflows
- 50% faster IT provisioning and streamlined administration
Long-Term Strategic Benefits
Foundation for Success
The infrastructure transformation positions for scalable growth as the organization expands toward the Olympic Games:
- Scalability: Platform can easily accommodate thousands of additional users (volunteers, contractors, partners)
- Security: Enterprise-grade security framework protects sensitive Olympic data
- Collaboration: Unified Office 365 environment enables seamless teamwork
- Compliance: Centralized governance and audit capabilities
- User Experience: Simple, intuitive access to all applications with SSO
- Future-Ready: Foundation for advanced features (Workflows, FastPass, enhanced Intune)
Key Performance Metrics
| Metric | Target | Achieved |
|---|---|---|
| Data Loss During Migration | Zero | β Zero |
| Downtime During Migration | Zero | β Zero |
| Users Successfully Migrated | 100 | β 100 |
| Okta Instances Consolidated | 2 to 1 | β Complete |
| Office 365 Federation | Enabled | β Complete |
| Adaptive MFA Deployment | 100% coverage | β Complete |
Frequently Asked Questions
Why did they need both email migration and Okta consolidation?
They had users split between GSuite and Office 365, and two separate Okta instances managing identity. This created management overhead, security inconsistencies, and collaboration challenges. A comprehensive transformation was necessary to unify identity, email, and security under a single, scalable platform.
What made this project complex?
This project involved simultaneous work across multiple platforms: consolidating two Okta instances, migrating 100 users from GSuite to Office 365, reconfiguring SAML federation, coordinating with Mimecast for MX records, maintaining zero downtime for planning operations, and ensuring zero data loss. The complexity required careful orchestration, parallel work streams, and deep expertise in identity management, email migration, and Office 365 federation.
What is Office 365 federation?
Office 365 federation means users authenticate through Okta (using SAML) instead of directly with Microsoft. This provides single sign-on, centralized password management, Adaptive MFA protection for all Office apps, and unified access governance. Client specifically requested this to ensure users have one credential for all applications, enhanced security with Okta's Adaptive MFA, and simplified IT administration.
How did Iron Cove Solutions ensure zero downtime and zero data loss?
Iron Cove used Office 365 best practices for migration, performed delta synchronization before final cutover, conducted comprehensive end-user validation, coordinated carefully with the Mimecast team for MX record changes, monitored mail flow throughout the transition, and provided immediate issue resolution. The team also created rollback procedures and tested thoroughly in non-production environments before going live.
What could NOT be migrated from GSuite?
Distribution lists, muted Gmail conversations, files larger than 15GB, email signatures, individual inbox filters/rules, GSuite calendar colors, Google Forms, Google Hangout links, and Google Sites cannot be automatically migrated. These items require manual recreation or are platform-specific. Iron Cove provided clear documentation on these limitations upfront and assisted with manual configuration where needed.
What support did client receive after go-live?
Our client received 2 weeks of post-migration support for admin-user issues, admin task assistance, mobile device configuration help, and issue resolution. Iron Cove also provided comprehensive documentation, admin training, and knowledge transfer to ensure the client IT team could independently manage the environment going forward.
What future enhancements did Iron Cove recommend?
Iron Cove recommended exploring Okta Workflows (for automation), FastPass (for passwordless authentication), advanced Intune features (Windows Hello, Desktop SSO), enhanced Azure AD integration, and continued optimization of Adaptive MFA policies. These enhancements position LA28 for even greater security and efficiency as they scale toward the Games.
Need Help with Identity Migration or Email Consolidation?
Contact Iron Cove Solutions today to discuss how we can help your organization with domain consolidation, email migration, and enterprise identity management with Okta .
Los Angeles, California
Enterprise Identity and Access Management Specialists
This case study showcases Iron Cove Solutions' expertise in complex identity transformations, email migrations, and Okta implementation. Results may vary based on organizational requirements and existing infrastructure. Project Statement of Work prepared October 14, 2020 for LA Olympic Committee (LA28.org).
Talk to us
Phone & Hours
(888) 959-2825Monday-Friday: 9am to 5pm
Join Our Newsletter
Β© 2025 | Iron Cove Solutions| Privacy | Simplifying Cloud-Based Intention