Camunda Improves the Employee Experience with Okta

Early success, rapid growth

Camunda was built around automation, efficiency, and productivity.  “Camunda helps a wide range of companies automate mission-critical business processes,” says Eyal Marantenboim, Camunda’s head of IT. “If you have business processes, you can automate them using Camunda.”

The company employs approximately 200 people, and it continues to grow rapidly because of its innovative technology and open source business model. In fact, Camunda is growing so quickly that it has been repeatedly recognised as a high growth company by Deloitte.

After experiencing so much growth—and with more to come—Camunda knew it needed to reassess its own IT processes. Specifically, it wanted to centralise its environment, improve its policies, increase security, and automate its provisioning processes.

A need for centralisation

Camunda hired Marantenboim to guide the initiative. “When I joined the company, it relied entirely on manual updates. We wanted to automate anything that had to do with onboarding and offboarding, and to centralise using either single sign-on or lightweight directory access protocol (LDAP).”

Camunda already had an LDAP set up, but because it was hosted on Camunda’s servers, it was expensive and work-intensive to maintain. Camunda wanted to keep its internal LDAP server, while reducing overhead with an identity solution for SaaS app authentication. But it would need a product that could integrate with its existing directories, while allowing the company to pass off the hosting and maintenance responsibilities to a trustworthy, reputable cloud provider.

The company’s first priority was to automate all processes related to provisioning and deprovisioning, but Camunda wanted to explore other ways to improve productivity as well. Single sign-on, for example, presented a significant opportunity to increase employee productivity, reduce helpdesk calls, and consolidate the entire environment with a single source of truth.

There were also security benefits to be had. Security is a critical consideration for all companies, but it’s particularly important for companies in industries and regions with stringent regulatory requirements—like Camunda.

Automating the provisioning process would reduce the chance of human error creating internal vulnerabilities, which can happen if an administrator forgets to disable a former employee’s account, for example. Single sign-on could improve the company’s security posture by reducing the possibility of people writing down passwords.

A well-rounded solution 

Marantenboim knew he would need an identity partner in order to achieve all of these goals. He looked at a number of solutions including Okta and OneLogin.

“I had used Okta before and I liked it, but of course, we also needed to test alternatives,” says Marantenboim. “Okta and OneLogin were the only two solutions that provided LDAP single sign-on and provisioning. And in the end, things didn't work as nicely with OneLogin as they did with Okta.”

Before deciding which Okta products to purchase, Camunda explored ways to automate the provisioning process and establish a single source of truth. When Camunda discovered that Okta could significantly improve its security posture, it decided to purchase a range of Okta products including Universal Directory, Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Lifecycle Management.

The deployment process went quickly. The company imported employees into Universal Directory from its LDAP server, and from there, Camunda was able to tap into the other Okta products.

Achieving automatic provisioning

After adding employees and integrating apps, Camunda set up automatic provisioning.

“For the provisioning, we started by adding some basic applications,” says Marantenboim. “Within a couple of weeks, Okta was integrated with 15 or 20 apps, including Jira, Confluence, Zoom, Egnyte, GitHub, Office 365, G Suite, and Salesforce.”

Administrators still frequently set up employee identities manually, but once the user account is created, the company can automatically provision employees with access to any Okta-integrated apps.

“I just love that you can assign a new user to a group and they’ll get all the apps they need automatically,” says Marantenboim. “Plus we only have to disable users in Okta once, and they lose access to all those tools right away.”

Camunda populates some groups automatically, as well, using group rules to determine where the users should be placed. The company also uses group rules to provision users with some of their external apps.

With its new solutions and processes in place, Camunda has already cut manual provisioning tasks by 70%. That’s a notable achievement at any time, but the increased efficiency has been invaluable during the COVID-19 era.

“Last month we had 22 new employees and it was already tough because we needed to make sure everyone had equipment,” says Marantenboim. “With COVID-19, it's impossible to get laptops, so we spend a lot of time looking for hardware. Luckily, setting up the accounts is the quick part. If Camunda gains a hundred more employees this year, automatic provisioning will definitely make our lives easier.”

Simplifying security

The company has also experienced significant security benefits. With employees signing in through a single dashboard, they’re less likely to write down passwords and—potentially—lose them.

“You always have those people whose password is ‘12345,’ says Marantenboim. “Many of the tools don’t even need an individual password anymore. Instead, we can set up a password at the Okta level that meets our password requirements.”

Meanwhile, MFA adds an extra layer of security across the entire infrastructure, and allows Camunda to set up granular policies, like geo-blocking.

“It gives us a bit more visibility into where people are when they access our apps, and it indirectly forces them to use the VPN if they’re in a more vulnerable area, like on the train,” says Marantenboim. “We don't want to enforce a VPN policy—so instead, we give them the extra motivation of not having to use two-factor authentication if they use VPN.”

The extra visibility has had some unexpected benefits, too. Camunda’s HR team is able to get a sense of how many people are viewing newly published positions, and the company is able to make more educated decisions around license purchases. 

“We can see who’s using our individual apps,” says Marantenboim. “With Zoom, for example, we were able to understand who actually needs the licensed version and who only needs the unlicensed version. We did some clean-up around that a couple of weeks ago.”

Getting employees on board

Overall, the ability to set up granular policies has been the most useful security feature for Camunda. This increased control allows Camunda to balance security and usability for its employees—allowing them to get their work done in a seamless way, while still keeping them secure.

“It was critical to be able to automate the onboarding and offboarding processes, but the security part was really important—that's why we ended up using Okta,” says Marantenboim. “People wanted to get rid of two-factor identification, but we told them no. Instead, we disabled two-factor identification at the app level and enabled it on Okta instead. Then we could tell people, ‘if you use Okta, it will only ask you once and you’ll be signed on.’”

The seamlessness of the Okta platform made it easier to promote adoption. The company made sign-up optional at first, and approximately 60% of employees jumped on board after realising how easy Okta is to use. “If they don't need 20 different passwords for different applications, and they don’t have to change their passwords all the time, it just makes their lives easier,” says Marantenboim.

After allowing optional sign-up for about three months, Camunda began enforcing SSO access for Confluence and Jira. At that point, all employees began using Okta, and now they regularly ask IT to integrate additional apps. Camunda’s developers are happy with the new environment as well. Recently, they began using Okta to sign into one of their internal apps.

“Now, if we receive any kind of app request, we integrate it with Okta,” says Marantenboim.

Flexible global access

With Camunda expanding internationally, a consolidated IT environment with increased security and automatic provisioning processes will make a big difference when administrators perform related IT tasks.

“Being able to provision and authenticate users all in one place will make everybody's life easier,” says Marantenboim. “We don't currently have an IT presence in the US, but if people can use their Okta password to access the WiFi in our Boston office, then it's one less headache we’ll need to deal with.”

In general, Okta’s simplicity is key. “The best thing about Okta is that it works,” says Marantenboim. “We can integrate it with Okta API or with the LDAP interface. It works so well with our WiFi technology. That’s how I see it—overall, it will help us with the growth that we’re looking for.”

About

Camunda is an open source software company innovating process automation with a developer-friendly approach that is standards-based, highly scalable and collaborative for business and IT.

A community of thousands of users across companies such as Allianz, ING, and Vodafone design, automate and improve mission-critical business processes end-to-end with Camunda, enabling them to build software applications more flexibly, collaboratively and efficiently, gaining the business agility, visibility and scale needed to drive digital transformation. To learn more visit camunda.com.