HPE transforms service delivery in the cloud with Okta

We’ve had a wonderful journey with Okta the past six to nine months. We chose Okta because we wanted to work with a company whose entire business is to provide world-class Identity as a Service. A key part of the HPE GreenLake Central experience is unifying identity.

Travis Tripp, Architect, HPE GreenLake

Situation: Building a robust cloud framework

Hewlett Packard Enterprise (HPE) is in the midst of a momentous change. The company is reimagining its on-premises IT infrastructure products with the aim to transition all of its products to cloud-based as-a-service offerings by 2022. 

As customer demand prompts increasing numbers of on-premises IT providers to move their offerings to the cloud, the goal of this new direction for HPE is to enhance user experience for the company’s 11,000 customers in more than 150 countries.

In 2019, the organization introduced HPE GreenLake Central. This sub-brand delivers consumption-based IT services that enable customers to build a seamless experience between their public and private clouds, as well as manage and optimize their hybrid IT infrastructure.

“HPE GreenLake is the market-leading as-a-service offering right now,” said Travis Tripp, architect, at HPE GreenLake. “It delivers on-demand capacity and planning, combining the agility and the economies of public cloud with the security and performance of on-premise IT.”

The robust GreenLake Central platform has significant identity requirements, such as the need to securely federate and authenticate various user types including administrators, support teams, customers, and partners—all within a single user interface.

To meet these identity requirements, HPE needed an identity and access management (IAM) partner to help integrate enterprise identities and secure APIs. This would empower the company to successfully modernize its service delivery in the cloud.

Solution: Integrating enterprise identities

HPE enlisted Okta to provide unified IAM for its advanced GreenLake Central platform. The company deployed a hub and spoke identity architecture with one Okta organization per HPE customer that enables Okta’s full capabilities within every tenant, and allows HPE to customize tenants as needed for different user groups.

HPE Enterprise Network Diagram

When customers log in to GreenLake Central, they’re routed through a specific Okta organization to their identity provider, then issued an access token. If a user doesn’t have a single sign-on provider, Okta takes care of authentication. Okta Single Sign-On offers integrations with authentication and authorization frameworks such as SAML,OAuth, and OIDC, as well as integrates with Active Directory, giving HPE the benefit of flexibility.

“Our goal was to have a single entry point for customers, partners, and HPE employees,” Tripp said. “Our customers depend on us to ensure that their data is separate from other customers’. We want security to be our number one priority, so we use Okta Single Sign-On and per-tenant user groups, authentication policies, and authorization policies.”

Okta also provides HPE with tailored services to support specific employee tenants. For example, services are different for HPE administrators than for delivery and operations staff. Each tenant has an Okta organization that offers its own admin portal view ensuring that access is distinctly managed on a per customer basis.

In addition to ensuring an airtight, frictionless access experience, HPE GreenLake Central also uses Okta Adaptive Multi-Factor Authentication (AMFA) for Okta administrators. With Okta AMFA, HPE can enforce controls around policies related to passwords, lockouts, location, multi-factor authentication, and API service clients. This adaptive policy management offers HPE agility and the assurance of industry standards.

Finally, HPE uses Okta Hooks to empower its IT team to easily integrate systems with custom code on any cloud, hybrid, or on-prem infrastructure—amplifying the impact of the Okta Identity Cloud.


Fast deployment at scale

HPE GreenLake was able to implement Okta quickly, with an initial product deployment of just four weeks. The company has deployed hundreds of Okta organizations and plans to take that number into the thousands. The Okta Customer First team was a huge asset throughout the process.

Okta’s advanced security protected HPE’s large-scale deployment, and continues to help the company adhere to the principle of least privilege—that any actor must be able to access only the information and resources necessary for its legitimate purpose.

“It’s of the utmost importance to us to protect our customers, our partners, and our employees. That’s why we chose Okta,” Tripp said.

Seamless, flexible user experience

Okta enables HPE GreenLake to deliver a user-friendly, front-end customer experience, branded as HPE with Okta providing identity services in the background. 

The company uses Okta MFA to offer numerous authentication factor options to its customers. In addition, with Okta B2B Integration, HPE’s customers can use their existing IAM solution to gain access to HPE’s services. If a customer doesn’t have their own identity solution, Okta provides the ability for them to integrate their own SSO provider or on-prem directory with HPE.

Using Okta Lifecycle Management for SCIM-based provisioning, HPE has built integrations with a number of partner SaaS providers , which the organization manages on behalf of its customers.

Streamline identity management

As a SaaS provider, a user store is essential to your business. Skip the hassle of building one yourself and explore how Okta can automate the process as your IAM partner. Learn more about Okta’s Customer Identity products.

Or, learn more about how you can leverage 6,500 pre-built integrations with the Okta Integration Network.