2 tenants into 1, 70 unique apps moved across tenants
The drive for the consolidation:
Multiple OKTA tenants with federated trusts between them. Global users logging into different OKTA tenants depending on the application. Large overhead on licensing and cost management of the different tenants. Large overhead on technology resources to maintain two tenants.
Our customer is on a journey to become more globally aligned and is consolidating cloud technology platforms like OKTA to provide a single production environment for user management and authentication into global cloud applications. With two OKTA tenants, multiple applications, and users authenticating in different places, this architecture made it difficult to scale global technologies easily.
Based on the expertise, experience and references from other customers, the global publication company approached CEyX to provide expertise and resources to lead its internal and external teams to a successful project delivery.
Figure 1: Legacy architecture
A changing environment
With 70+ global applications mastered within the OKTA tenant, this was a large engagement and coordination effort with multiple vendors and business application owners to help support the consolidation.
The largest and most complex integration was Workday, used for user profile mastering for US employees, which after a discovery with the OKTA professional services team a move from one OKTA tenant to another has very been completed before.
Leading the approach
Strong engagement was required across all 70+ applications and vendors to gather information on what was required to complete the migration process and re-authenticate the SSO to the new OKTA tenant.
Each application had a varying user impact, which was evaluated in engagement with the application owner. Larger global applications had a dedicated change management engagement, with user communications explaining that there could be a small outage and that authentication would be required. This was all handled within the project and internal communications.
Where we’ve helped the customer get to
A single instance of OKTA that is mastered by multiple sources depending on where the user is authenticating from.
All global and local applications now point to a single SSO, allowing easier global application assignment and authentication. The expansion of Workday to further countries has now reduced complexity, as all users are stored and mastered in a single OKTA tenant.
Figure 2: Destination architecture