Case Study – OKTA consolidation

2 tenants into 1, 70 unique apps moved across tenants

The drive for the consolidation:

Multiple OKTA tenants with federated trusts between them. Global users logging into different OKTA tenants dependant on the application. Large overhead on licensing and cost management of the different tenants. Large overhead on Technology resources to maintain two tenants.

Our customer is moving on a journey to become more globally aligned and consolidating cloud technology platforms like OKTA to provide a single production environment for user management and authentication into global cloud applications. With two OKTA tenants with multiple applications and users authenticating in different places this architecture was providing a challenge to scale global technologies easily.

Based on the expertise, experience and references from other customers, the global publication company chose approached CEyX to provide expertise and resources to lead their internal teams and external teams to a successful project delivery.

Figure 1: Legacy architecture

A changing environment

With 70+ global applications mastered within the OKTA tenant, this was a large engagement and coordination effort with multiple vendors and business applications owners to help support the consolidation.

The largest and most complex integration was Workday used for user profile mastering for US employees which after a discovery with the OKTA professional services team a move from one OKTA tenant to another has very been completed before.

Leading the approach

Strong engagement was required across all 70+ applications and vendors to gather information on what was required to complete the migration process and re authenticate the SSO to the new OKTA tenant.

Each application had varying user impact which was evaluated on engagement with an application owner. Larger global applications had a dedicated change management engagement with user communications explaining there could be a small outage and authentication required which was all handled within the project and internal communications.

Where we’ve helped the customer get to

A single instance of OKTA that is mastered by multiple sources depending on where the user is authenticating from.

All global and local applications are now pointing to a single SSO allowing easier global application assignment and authentication. The expansion of Workday to further countries has now reduced complexity as all users are stored and mastered in a single OKTA tenant

Figure 2: Destination architecture

CEyX were the SMEs that engaged and led internal resources to not only to understand the change technically but lead the change management approach. This allowed the project to support our market's local language requirements which accelerated adoption and led to new ways of working more collaboratively and effectively using Google Workspace.

We were implementing G-Suite across a global organisation, across 12 countries and tens of thousands of users, and we brought in CEyX to work alongside the delivery partner. They took on the full responsibility of the roll out including everything technical and the change management across all markets. I have worked in delivery for over 20 years and I can honestly say have never worked with a better team. They brought the highest level of expertise, energy and really connected with the people they were working with across all levels. There wasn’t a part of the organisation that they didn’t personally speak to and work with to ensure the transition was seamless. And they even delivered VIP service to the executive team. Matt Wilkinson is easily the best programme director I have worked with, he has a perfect blend of personable energetic style with an extensive technical understanding and so he is able to work across change management and implementation. An absolute joy to work with and this approach rubbed off on his team who all displayed the same positive energetic style. CEyX was able to roll out the system to every user in the company over just a 6 week timescale and with no complaints from any users across the world, and no technical setbacks. The best SaaS roll out I have ever seen. CEyX is not a consultancy, they are a true delivery partner.