Comcare maintains business continuity and streamlines a complete migration to the cloud with Okta
to implement core platform
to integrate new applications
- A desire to retire all on-prem infrastructure
- The need for centralised identity
- Okta for workforce and customer use cases
- Fast and complete integration for full visibility
- Stability in a year of instability
Comcare, Australia’s national authority for workplace health and safety, operates offices in every state and territory in Australia. Two years ago, the organisation decided it was time to embark on an organisation-wide effort to modernise its IT systems: all on-prem infrastructure was to be relocated to the cloud over time, to facilitate secure data storage, remote work, organisation-wide visibility, and a better user experience.
As the legacy IT was moved or replaced by cloud services, Comcare needed a centralised identity solution so employees and external stakeholders could access applications from a single login. A centralised identity would ensure deprovisioning of employees could be done simply and completely.
Okta was the right identity solution for Comcare. The Okta Integration Network had ready-made integrations for many of Comcare’s key applications. Okta Single Sign-On and Multi-Factor Authentication facilitated a single login for employees and users anywhere, on any device. Once the decision was made, implementation happened quickly, with the core platform set up and working within a week.
Comcare’s cloud services team migrated one system to the cloud at a time, starting with Office 365. That was followed by the organisation’s finance and HR systems, among others. To ensure complete visibility—and effective deprovisioning—the team determined that every application in use would be integrated with Okta.
In addition to supporting Comcare’s shift to remote work in 2020, Okta’s reliability shone and instilled confidence in the team—Comcare did not experience a single drop in availability, even as use of Okta increased. With the solid IT foundation in place, Comcare is looking forward to using Okta to verify the identities of external users who access Comcare services, and ensure a better, more secure user experience.
Okta just gets out of the way and does its job. We’ve had no availability issues at all.
Peter Hinchley, Solutions Architect, Comcare
Modern IT for today’s workplace health and safety
As Australia’s national authority for workplace health and safety, Comcare is responsible for ensuring healthy workplace environments and for helping injured workers get back to work in a timely manner.
Comcare has a broad and important mandate that requires secure and accessible IT infrastructure for users who are dispersed across the country.
In 2018, Comcare determined it was time to eliminate on-premise data storage and software and embark on a major IT modernisation project.
“We want all our on-premise infrastructure to be relocated or repurposed to the cloud,” says Peter Hinchley, solutions architect with Comcare. “Our team is responsible for working through all of Comcare’s on-premise systems, and migrating them, one by one, to SaaS products. Hopefully in another two to three years, we'll be able to turn off the last piece of equipment that we manage ourselves and be entirely cloud-based.”
To support the migration, Comcare recognised it needed two foundational pieces of technology: an identity access management system and an API management system.
“There were always different ideas around what solving identity and access management meant and that complicated our business requirements process.”
Centralised identity for users and employees
While evaluating various available products, though, Hinchley and his colleagues were able to clarify exactly what technology Comcare required to move its transformation forward, and why. That included a web interface for their cloud management system that would offer better visibility and secure, streamlined identity management.
“As we moved applications to the cloud, one by one, we didn’t want our employees to have to log in to each of those systems, like they were little islands,” Hinchley says. “We really wanted a centralised identity point to enable things like single sign-on. And when employees leave, we wanted to have one spot that we could decommission from.”
At that point, Comcare had three types of identities in their Active Directory environment: full-time employees, contractors, and external users. Each was managed by a different set of policies and permissions, which made it difficult to deprovision individuals when they were on leave or left their position, and this opened the door for potential security risks.
“The problem was that all those disconnected identity stores meant we did not have visibility into the systems that users were accessing. We had to hope that people remembered to clean up their systems and transfer access before leaving. It just wasn’t scalable,” Hinchley says.
A secure user experience for all with Okta
As Comcare’s specific IT needs became clearer, so did additional use cases that would take advantage of solutions like user authentication and multi-factor authentication. “We thought about Comcare’s staff and how they were going to access services in a fast-paced world,” Hinchley says. “How staff were going to access the services we provide, and how other members of the public were going to engage with Comcare. Ultimately, we needed a centralised identity source to manage all those pieces. And it had to be secure.”
The Okta Identity Solution is ideal for Comcare, in part for its easy integration with many of the applications Comcare was using, through the Okta Integration Network. Okta offered all the workforce identity solutions Comcare was looking for, including Okta’s Single Sign-On, Adaptive Multi-Factor Authentication (AMFA), Universal Directory, Lifecycle Management (LCM), and API Access Management. Comcare also procured a number of Okta’s customer identity and access management (CIAM) solutions, including Adaptive MFA, LCM, and Okta’s core CIAM platform.
Easy implementation, smooth roll out
Once Comcare decided to move forward with Okta, implementation came quickly. The first thing Comcare did was synchronise identities into Okta. “With the Active Directory connector, we were able to enable Okta Single Sign-On and integrate it with the front end of our web-based claims management system.”
With the core platform implemented, Comcare turned to risk-based authentication using Okta’s Adaptive Multi-Factor Authentication. Technical staff now use two-factor authentication to log in to secure admin workstations before accessing IT resources. This ultimately improves Comcare’s security posture and audit readiness.
“After that came a few weeks of tweaks and customisations, but standing up the core product and confirming it was functional really only took a week.”
Those tweaks and tests involved setting up Multi-Factor Authentication, refining sign-in policies, and implementing consistent branding. With the Okta foundation set up, Comcare was ready to undertake its first major Okta integration: Office 365.
Comcare’s cloud services team did the technical work but, because it was their first big software migration using Okta, they hired Okta Professional Services for about 40 hours to validate their approach.
“It was more for our risk comfort,” Hinchley says. “Okta looked at our plan and said, yup, that's going to make sense and that should be fine. It all went remarkably well. No issues.” Hinchley also turned to Okta Professional Services to proactively confirm their plans would align with Okta’s capabilities.
Enabling full visibility
From there, integrating other apps—including the Comcare HR system—with the Okta platform has gone smoothly, each taking a day or so to implement, test, and document.
“We have had little bursts of activity around different initiatives, but over the last couple months, it's really just been as new applications have come on board, or as we've moved something from on-prem to the cloud, we go through the process of integrating with Okta and it's usually very straightforward. The entire process to set up, test, document, and roll out a new application to our end users now only takes about a day,” says Hinchley.
Currently, all staff have an Okta account. Through that single login, they can securely access Office 365, the Comcare HR and finance systems, the Comcare internet and intranet sites, campaign mailing software, and other applications from any device, anywhere.
Having an integrated system means Comcare’s security operations centre can monitor Okta logs—along with any other IT logins—through a single pane of glass. Any anomalous activity is identified and raises an alert.
Reliable and stable identity management
Through the fast-paced IT changes of the past year, Okta has been a constant source of reliability and stability.
“Okta just kind of gets out of the way and does its job,” Hinchley says. “With Okta we’ve had no availability issues since moving our services to the cloud.”
Currently, Comcare’s Okta-powered services are primarily used by internal workers and a small group of external users, including workplace rehabilitation providers. The next big task will be to extend it further out for external users who need to access Comcare services.
“We’re looking forward to working with Okta to build an identity flow and step-up authentication process whereby people have to provide additional information based on the services that they're accessing for verification of who they are.”
Comcare is Australia’s national authority for workplace health and safety, and workers’ compensation. The organisation is responsible for implementing the government’s policies in federal workplaces to drive social inclusion and productivity.