A Global SaaS Company Migrates Identity Management Solution from Okta to Microsoft Entra ID

Overview

The company has a SaaS Productivity Platform which offers comprehensive business solutions in highly secure eSigning, e-ID, powerful PDF productivity and industry-leading analytics. It is imperative that the SaaS applications can authenticate the users easily, securely and comprehensively. For individuals, small teams or large enterprises the solution needs to scale with advanced features, security & integrations e.g., High-trust eSign with certificates & ID verification for regulatory requirements such as eIDAS.

Challenges

Okta has long been a trusted Identity and Access Management solution for the company. However, as time passed, the system became disorganized, costly to maintain, and poorly integrated with the existing Microsoft 365 infrastructure. The decision to migrate from Okta to Entra ID was driven by the desire to consolidate Microsoft 365 investments, benefit from seamless integration with SaaS services, and eliminate Okta licensing costs. The migration not only saved on these costs but also addressed user complaints with Okta's UI, such as the cumbersome bulk delete process and complex app setup. Additionally, limitations in on-premise integration prompted them to transition to Entra ID, disconnecting their federated domain objects from Okta as the Okta license expiration approached.

Solution

Netwoven undertook the project with a comprehensive approach. It assessed the background of the current Okta environment. The target Microsoft Entra ID environment was also examined for best practices around user security, branding, application provisioning, group-based licensing and assignments, application consent, and more.

Okta Assessment

A detailed catalogue of every item was prepared towards a precise project scoping.

• All User
  • 300 users total
• Applications
  • 156 apps in use
• Security
  • Groups: 66 Okta groups, approx. 200 App groups
  • Universal Directory & MFA in use
  • Source of truth – On-premise AD
• Features
  • Workflows – None
  • SIEM integrations – None
• Customization
  • Custom integration – Bamboo
  • Okta rules – Bamboo etc. dept, location

Entra ID Health Check & Analysis

A strategy and roadmap were developed for implementing Entra ID considering the following.

• Document Applications, Groups and Users
• Reports on what was being used in Okta and by whom
• Identify any integrations and workflows
• Document identity flow and sync processes
• Document applications that use provisioning or should use provisioning
• Document Onboarding and Offboarding flows
• Document Entra ID Connect Settings
• Identify any errors in the sync
• Recommended redundancy options and Entra ID Connect
• Security hardening plans for users using MFA, and application authentication methods
• Review options for both PHS and PTA and HA configurations
• Make any config changes on Entra ID connected filters
• Health check and improvements on the current Microsoft Entra ID

Migration Strategy

The Netwoven team implemented a phased migration approach, moving data in structured waves. This approach provided the required flexibility with minimal downtime and a smooth transition. Netwoven focussed on the following.

• Migration mappings for Users and Applications (e.g. SAML, Plugin, OAUTH)
• A detailed schedule for each object/feature migrating from Okta
• Cutover strategy assessment (Big bang, waves by user type, waves by application priority)
• Staging objects in Microsoft Entra ID
• Migrating guest accounts
• Migrating applications in phases

Business Benefits

Making use of the already existing Microsoft Identity stack saved the company costs from duplicate services and allowed all the business applications to use Single Sign-On through the robust Microsoft Entra ID platform. The advantages gained by the customer due to migration to Microsoft Entra ID from Okta were as follows.

• Better ROI
  • Reduction in overall costs by consolidating users from Okta to the Microsoft 365 platform which streamlined license management and expense optimization.
• Improved user experience
  • Users are automatically and seamlessly signed into SaaS applications using their Microsoft 365 identities
• Easy to administer
  • Consolidating all facilities in one platform EDR, remote monitoring, and management.
• Uniform Security across the organization by
  • Extending Microsoft’s Industry leading security controls to user and application identity
  • Gaining more control and insights into User and Application login activities
  • Adding additional controls on Application Security by extending existing Microsoft 365 Security and Governance policies.

As the Microsoft Entra ID is rolled out, it will take on a bigger role during account provisioning, application assignment, access/usage reviews, and entitlement governance.