Wealthsimple cuts app access wait time from 48-plus hours to one hour with Okta

Manually provisioning access to apps for a growing team of  over 1100 employees was not scalable or cost effective, leading Wealthsimple to invest in automated access control.

Wealthsimple is a Canadian fintech company serving 3 million Canadians, specializing in five areas: saving, trading, investing, tax, and crypto.

Wealthsimple’s small but mighty IT team of five serves over 1100 internal users federating more than 200 apps. Previously, provisioning app access was a manual process per user, per app, slowing down IT and impacting overall company productivity. Before Workflows, business terms were waiting 48 hours or longer, and IT resources were swamped with time-consuming provisioning processes.

Wealthsimple IT Manager Christopher Ejbich explains, “The access request user journey could take up to five days — just to grant access to a simple tool. Between the toil to get a ticket approved and the manual effort of managing requests, it became untenable.”

When seeking out a way to automate this process, Christopher and his team noticed challenges with timeliness and how to mitigate costs for API access to potential security risks.

Because Wealthsimple already uses Okta’s Workforce Identity Cloud as their Identity provider, tapping into the functionality of Okta Workflows would be a “perfect extension of existing capabilities,” according to Ejbich.

Solution: Okta Workflows enables Wealthsimple to automatically configure user access to applications 

Adopting Okta Workflows allowed Wealthsimple to automatically configure user access to applications. 

“As a well-documented and dynamic platform with which we were already familiar, Okta made sense,” Ejbich shares. “If you have previously set up an integration or an application with Okta, you know the documentation behind that is robust. Workflows is exactly the same. There is also a robust API library at no additional cost, which we could integrate with any custom workflow as needed. Most of all, we got the scalability we needed to offload the manual access management workload.”

How is the access request workflow built?

Initiating Okta Workflows starts with the creation of specific user groups that need automation, such as for employee onboarding and offboarding. Once the groups are established, Wealthsimple’s IT team configures the corresponding workflows within Okta, seamlessly integrating them with their existing apps and systems.

What does this look like? The group ID triggers the access request workflow. The workflow checks if the group ID exists and creates three groups: resource owner, resource group, and resource request approvers. These control group membership and group resource approvers, respectively.

For admins, Okta works on the backend to automate and delegate responsibility for these access request tasks, leading to quick approvals, transparency, and accountability. Streamlined processes make day-to-day admin tasks simple, secure, transparent, and easily managed through an intuitive interface. 

How does access request work for a user? 

Following the adoption of Okta Workflows and Okta Identity Governance, users simply request access through Slack integration. In many cases, access is already provisioned when they make the request thanks to automated processes. 

With the seamless Slack integration for real-time updates and communication, users have a direct channel for managing their requests. With a simplified approval pipeline and automation for faster processing, users should notice only that they get friction-free, near-instant access to the apps and systems they need. 

The impact

Thanks to simplifying and streamlining the access management process with Okta IGA and Workflows, Wealthsimple can highlight a number of positive outcomes. Customer experience and return on investment metrics lead the way.

Customer experience

Wealthsimple achieved what they refer to as “ripple effects of Internal efficiencies,” measured in four KPIs: 

• Reduced employee wait time for internal software requests from 48 hours to one hour (on average)
• Deepened customer trust with proof of enhanced security posture with Okta IGA and SOX certification
• Reduced error potential by streamlining access controls through automated approval systems
• Increased onboarding speed for new systems and integrations by 20%

Return on investment

The return on investment goes beyond numbers, giving the IT team significant opportunities to reclaim their time for more high-value projects and innovation. Five KPIs Wealthsimple measured to show ROI include:

• Significant time savings for IT team, between 10–20 hours a week 
• Improved employee productivity and morale, reducing ticket numbers by 15%
• Reduced operational costs by over $150k USD
• Enhanced security around RBAC, ensured granular permissions, and minimized potential breaches, achieving SOX certification
• Established future scalability, with 200-plus integrations and apps 

Okta Workflows makes it easy to automate Identity processes at scale — without writing code. For more information on how Workflows can help you navigate challenges of lifecycle management, application provisioning, and account management, check out the following resources:

Video: Getting Started With Okta Workflows - Building Your First Flow

Guide: Getting Started with Okta Workflows

Product Page: Okta Workflows