Managing Customer and Partner Identities in the Cloud with Okta

As enterprises today move more aggressively to the cloud — and as their employees increasingly want to use anything but their desktop (laptops, tablet, smartphones) to access applications — IT organizations have to find new ways to manage identity and access across mobile devices and applications that are no longer within their four walls. But for many companies I talk to, that is just the tip of the identity management iceberg.

At the same time that businesses’ apps are moving to the cloud and their users are going mobile, their relationships with customers and partners are going online. For their partners, businesses are standing up portals to enable them to manage new revenue opportunities, participate in marketing activities or get product support information.

For their customers, businesses are combining public cloud applications or custom web applications and then exposing those applications in an effort to strengthen customer relationships or roll out new innovative service offerings.

In that world, where all of those users (customers and partners) are outside of the corporate network and many of those applications are also outside of the corporate network, it only makes sense to solve the related identity management challenges from the cloud. That is where Okta comes in, and today I am excited to highlight a great example where one of our customers, Purolator, used Okta to roll out a new online service to their enterprise customers, starting with Xerox, in record time and with great success.

Purolator is Canada’s leading freight and shipping company with more than 11,500 employees that deliver 1.3 million packages around the world each day to millions of customers. A significant part of that shipping volume is their returns business where they manage the process and fulfillment of goods on behalf of some of Purolator’s largest enterprise customers.

To accelerate that business, Purolator embarked on an initiative in 2011 to create a new E-Returns Portal. The E-Returns Portal was built on and helped Purolator’s enterprise customers (and their customers) more easily process and track returns for their products that were being handled by Purolator. But the portal introduced challenges for the employees and customers of Purolator’s customers who were accessing it. Purolator also faced some real challenges as they looked to broaden the usage of this portal across their enterprise customer base.

Xerox was one of the early enterprise customers for Purolator. Both Xerox employees, as well as their end customers, were using the portal to process returns of toner and printing supplies. End users would log into and then have to enter an additional username and password when they hit the returns part of the Xerox website (which was powered by the Purolator E-Returns Portal). Similarly, Xerox employees had to use a different username and password to access the Purolator E-Returns Portal even though they had an existing Open SSO solution deployed internally to provide access to all of their other applications. This quickly became a burdensome step for all of the end users that were managing returns, and this negatively impacted how often the portal was used.

Removing that unnecessary step for just Xerox employees and their end customers, and providing federated SSO into the E-Returns Portal, would have been pretty straightforward integration for Purolator. But in order to quickly roll out this capability to other enterprise customers beyond just Xerox, Purolator needed a way to seamlessly extend federated access to their portal for any other enterprise customers that also had an internal SSO solution. Enter Okta.

Partnering with Innovapost, Purolator’s IT division, we stood up an instance of our cloud service that allowed Xerox to easily integrate their Open SSO solution with Okta via SAML. So for any Xerox customer coming to — or for any Xerox employee — the Open SSO integration can SAML directly into Okta. Okta then processes that inbound SAML request to both provision the account in Salesforce initially and to grant access to the E-Returns Portal on an ongoing basis.

Within six weeks — yes, six weeks — we were able to roll out this solution that allows Xerox employees and their customers, through their Open SSO internal solution, to gain seamless access to the E-Returns Portal built on No more additional username and password required. Xerox employees simply log into the network in the morning and get access to any application they need, whether it’s arranging returns through Purolator or using another Xerox business application. Xerox customers simply log in once to and they also get seamless access to the E-Returns Portal.

How were we able to pull it off? Simply put, the cloud. We built Okta from the ground up to be a secure cloud service, so we’re able to move quickly without sacrificing security. This combination of speed and flexibility simply isn’t possible with an on premises solution. And the results? Xerox employees are very pleased, and Purolator has increased customer satisfaction. In addition, Purolator has accelerated the usage by Xerox employees and customers of the E-Returns Portal, and they now have a multi-tenant cloud service in place that they can literally scale with the click of a button to offer this same service to any other enterprise customer like Xerox. No changes to their environment required.

And to add to that, Purolator’s E-Returns program, part of the Xerox Green World Alliance (GWA), will keep an estimated 673,000 kilograms (that’s 1,480,600 pounds for those of us who don’t use the Metric system) of spent imaging supplies from Canadian landfills each year. That’s a lot of trash, and Okta is proud to be playing a role in making the program a success.

Check out the press release we issued this morning, and a case study we posted on our site, for more details.

The success of Purolator’s E-Returns Portal shows just how useful (and essential) customer portals are as businesses move increasingly online. And our ability to solve the identity management challenges of this external facing portal project in just six weeks with Okta underlines the fact that customers and partner identity management challenges have to be managed from the cloud.

Increase revenue, increase customer satisfaction, reduce cost and accelerate time to market. No hardware, no software, and no ongoing maintenance of a static identity management infrastructure. Isn’t the cloud great? We think so — and now so do Purolator and Xerox!