Relay GSE migrated from Okta to Entra ID and decreased maintenance and license costs significantly
The company found that its previous cloud identity provider, Okta, had become disorganized, adding to its maintenance and license costs. With Microsoft 365 already rolled out internally, adopting Microsoft Entra ID was the obvious choice.
- Microsoft Entra ID
- Okta
Background
Relay GSE used many SaaS applications that authenticated through Okta for single sign-on. Okta gave both students and staff a seamless experience when logging into applications such as Zoom, Smartsheet, and Microsoft 365. Over time, though, Okta became disorganized and incurred increased maintenance and license costs. These issues, combined with the rollout of a new Student Information System, prompted Relay GSE management to look for alternative Cloud Identity Providers (IdP). Having already rolled out Microsoft 365 internally, Relay GSE had Microsoft Entra ID as an in-house option to replace Okta as its IdP and single sign-on solution.
Solution
Netwoven assessed the existing Okta environment to catalog the following:
- All users
- Applications
- Features used
- Customizations
- Groups
- Security
The target Microsoft Entra ID environment was also examined for best practices around user security, branding, application provisioning, group-based licensing and assignments, application consent, and more. A strategy and roadmap were developed which included:
- Reports on what was being used in Okta and by whom
- Health check and improvements on the current Microsoft Entra ID
- Migration mappings for Users and Applications (e.g. SAML, Plugin, OAuth)
- A detailed schedule for each object/feature migrating from Okta
- Cutover strategy assessment (Big bang, waves by user type, waves by application priority)
- Security hardening plans for users (using MFA) and for application authentication methods
Netwoven worked closely with the customer to execute the strategy, starting with:
- Hardening Microsoft Entra ID
- Staging objects in Microsoft Entra ID
- Migrating guest accounts
- Migrating applications by waves
The Netwoven team chose to migrate applications in waves, but created linked applications in Microsoft Entra ID to act as pointers, which made the migration look like a big bang to users. This approach gave the team the flexibility it needed when migrating some of the smaller applications: the team simply hid the linked app and made the true app visible in Microsoft Entra ID.
Business Benefits
Using the existing Microsoft identity stack saved Relay GSE the cost of duplicate services and allowed all business applications to use single sign-on through the Microsoft Entra ID platform. The advantages the customer gained by migrating from Okta to Microsoft Entra ID were:
- Cost savings
  - Reduced the number of licenses users owned for different Identity Platforms
- Great user experience
  - Users are automatically and seamlessly signed into both on-premises and cloud-based applications
- Easy to administer
  - No additional components are needed on-premises to make it work
- Consolidating similar tools in one platform for EDR, remote monitoring, and management, etc.
As the new Student Information System rolls out, Microsoft Entra ID will take on a bigger role in account provisioning, application assignment, access/usage reviews, and entitlement governance.