Demandbase: Turning Identity governance into business efficiency

Demandbase is a leading account-based marketing (ABM) platform that empowers businesses to target and engage with their most valuable accounts. With its innovative solutions, Demandbase has established itself as a key player in the marketing technology landscape, enabling over 1,000 businesses to grow and deepen their customer relationships. Demandbase has grown rapidly in the last few years, with a distributed workforce of over 1,000 contributors. 

As a technology business itself, Demandbase has recognised how critical it is for innovation to exist throughout its organisation, and its workforce is empowered to solve problems with an efficiency-focused Northstar. 

An evolving business environment demands a mindset shift

Demandbase’s IT and security organisation sees itself as a core facilitator of the organisational mantra of efficiency, considering it to be one of its most crucial outcomes. Demandbase has long recognised the importance of choosing an Identity partner that integrates across its broad technology environment and has been an Okta customer since 2015. 

In that time, the team has seen how critical identity can be to drive workforce productivity with simple end-user experiences and well-orchestrated identity management.

“We’ve built out a role-based access control that allows employees to pretty much get what they need based on their position within the company,” said Trung Nguyen, Demandbase’s Director of IT and Security.

Trung also recognised how important strong identity management is in limiting that access to avoid over-permission: “At the same time, we’ve worked hard to limit access by default to maintain appropriate permissioning.”

Challenge: Building the foundation for growing efficiency

Demandbase has relied on Okta Lifecycle Management for automating provisioning and deprovisioning for employees, but as the resource surface area and business demands have evolved, birthright access has proven to no longer be enough.

Nguyen and his team saw a massive influx of one-off access requests coming into the IT organisation, with upwards of 200 requests monthly. “Out of all the help desk tickets we get, access requests were by far the biggest number,” said Nathan Espiritu, IT systems engineer at Demandbase.

“Out of all the help desk tickets we get, access requests were by far the biggest number.” - Nathan Espiritu, systems engineer, Demandbase

While the manual process of provisioning may have taken up time for Espiritu, it was the time wasted on access request approvals that impacted the business the most. For every access request ticket that was submitted, an email correspondence with managers and security was required to approve a request and provision access. Demandbase’s organisation relies on Slack more than email as a means of communication and collaboration, which left access requests languishing unapproved and unnoticed.

Nguyen put it simply: “Our business goal is to drive the most productivity possible across our organisation … If it’s taking an engineer three, even four days to get access to a resource to get their jobs done? That's way too long.”

While access requests presented an expediency challenge in business productivity, certifying access was pulling the IT and security team away from more strategic automation outcomes and opening the door to possible manual errors.

Between pulling identities and transferring to spreadsheets for manual approval, Demandbase was spending six hours every quarter to track certifications, but that still left the removal of anyone whose access was revoked from a given resource.

The lack of automated deprovisioning after access was revoked left Demandbase with the constant concern of whether every revocation had been carried out fully, risking potential lapses in compliance.

“The scary part was going through and manually revoking access, moving dozens of users in and out of groups in order to carry out the proper action, said Nguyen. “As much as saving time matters, the bigger concern was the potential for human error.”

“As much as saving time matters, the bigger concern was the potential for human error.” - Trung Nguyen, Director of IT, Demandbase

Results: Finding efficiency without sacrificing security

Demandbase implemented Okta Identity Governance, relying on the bundled offering of Lifecycle Management, Workflows, and Access Governance to make life easier on end users while still delivering compliant, least privilege security.

Demandbase was able to start moving its access requests process to Okta Identity Governance in March, and has already seen a significant shift in how its workforce requests ad hoc access to resources. In a little over two months, over 300 requests have come through via Access Requests and its Slack integration. Managers and security team members are being notified via Slack that they have request actions to take, requesters are getting visibility into the request flow process, and Nguyen’s team is dramatically improving its access request fulfillment rate. While Espiritu may have previously spent considerable time being asked why access hadn’t been granted or chasing managers, IT can now simply build the request workflow and let Okta Identity Governance handle the rest.

In a little over two months over 300 requests have come through via Access Requests and its Slack integration.

“With OIG, employees have full visibility into the approval flow,” said Espiritu. “They can actually Slack directly or within the access request thread with their manager or with security to determine what’s holding up their access request. For managers, they don’t need to leave the same Slack app they’re already working in to review and approve the request, which really speeds things up.”

Demandbase has a goal of making 90% of its resources within Okta requestable through access requests by the end of the quarter. 

“We’re looking forward to training up the rest of the company to rely on access requests for pretty much everything,” said Espiritu.

Demandbase’s Northstar of efficiency is already being helped by Access Requests, while its mandate for compliance is benefiting from Access Certifications.

While the team continues to fine-tune the customisations around its certification approach, the early returns highlight two key outcomes for Nguyen and Espiritu. 

First, they’ve been able to move out of spreadsheets and centralise their access certification reporting. Instead of downloading a group of users from a resource and transferring to a spreadsheet, the team can simply build a certification campaign for the group or groups in Okta, saving some time and response headaches.

Second, thanks to Okta Identity Governance’s automation capabilities, access revocations are carried out without manual processes, avoiding potential miscues and keeping Demandbase in compliance.

Demandbase is continuing to find ways to get value out of Okta Identity Governance, adding more resources to access requests and deepening their adoption of access certifications, potentially looking towards Workflow templates to extend and automate more across the Workforce Identity Cloud. 

Learn more about Okta Identity Governance and how it can benefit your organisation here: https://www.okta.com/products/identity-governance/.