Relay Graduate School of Education
Netwoven helped Relay GSE migrate from Okta to Azure AD single sign-on for all business applications


Background
Relay GSE used many SaaS applications that authenticated through Okta for single sign-on. Okta provided both students and staff with a seamless experience when logging into various applications such as Zoom, Smartsheet, and Microsoft 365. Over time, though, the Okta environment became disorganized and incurred increased maintenance and license costs. These factors, combined with the rollout of a new Student Information System, prompted Relay GSE management to look for alternative cloud identity providers (IdPs). Having already rolled out Microsoft 365 internally, Azure AD was an in-house option to replace Okta as their IdP and single sign-on solution.
Solution
Netwoven assessed their current Okta environment to catalog the following:
- All users
- Applications
- Features used
- Customizations
- Groups
- Security
The target Azure AD environment was also examined for best practices around user security, branding, application provisioning, group-based licensing and assignments, application consent, and more. A strategy and roadmap were developed which included:
- Reports on what was being used in Okta and by whom
- Health check and improvements on the current Azure AD
- Migration mappings for users and applications (e.g. SAML, plugin, OAuth)
- A detailed schedule for each object/feature migrating from Okta
- Cutover strategy assessment (Big bang, waves by user type, waves by application priority)
- Security hardening plans for users (using MFA) and for application authentication methods
Netwoven worked closely with the customer to execute the strategy, starting with:
- Hardening Azure AD
- Staging objects in Azure AD
- Migrating guest accounts
- Migrating applications by waves
The Netwoven team migrated applications in waves but created linked applications to act as pointers in Azure AD, which made the migration seem like a big bang to users. This approach afforded the team the required flexibility when migrating some of the smaller applications, as the team just hid the linked app and made the true app visible in Azure AD.
Business Benefits
Making use of the already existing Microsoft Identity stack saved Relay GSE the cost of duplicate services and allowed all the business applications to use single sign-on through the robust Azure AD platform. The advantages gained by the customer from migrating to Azure AD from Okta were:
- Cost savings
- Reduced the number of licenses users owned for different Identity Platforms
- Great user experience
- Users are automatically and seamlessly signed into both on-premises and cloud-based applications
- Easy to administer
- No additional components are needed on-premises to make it work
- Consolidating similar tools in one platform for EDR, remote monitoring, and management, etc.
As the new Student Information System rolls out, Azure AD will take on a bigger role during account provisioning, application assignment, access/usage reviews, and entitlement governance.