Imerys: Securing mammoth mineral firm’s global workforce in the cloud
connected to Imerys' cloud infrastructure via Okta
available to employees through Single Sign-On
deployed easily by Imerys team with minimal support
- Moving to the cloud for a less fragmented infrastructure
- Multiple IAM needs, one platform
- Intuitive user account access for all
- Securing a growth-ready cloud infrastructure
- Transforming further through automation
Having grown primarily through mergers and acquisitions, and with more than 220 sites across 40 countries, Imerys decided to switch to a cloud-based approach for its key user applications. The goal: to bring 13,000 connected colleagues onto the same productivity, HR, and CRM solutions, put these solutions in place securely, and drive change by encouraging full adoption.
The initial goal was to implement advanced security measures and single sign-on so that users could securely access applications such as G Suite - but Imerys also wanted to improve lifecycle management and simplify authorisation processes. To access a complete suite of solutions that answered all of its IAM requirements, Imerys chose Okta.
Within the initial phase of deployment, Imerys connected its key SaaS-based solutions to Okta, so employees can now easily access G Suite, Salesforce, and Workday using Single Sign-On. Logins are managed using Multi-factor Authentication (MFA) to help prevent fraudulent access such as brute force attacks, and reduce the incidence of locked accounts. By synching Workday user account registers using Universal Directory, and Lifecycle Management, Imerys automatically creates all necessary authorisations when a user is onboarded. It also keeps Imerys’ intranet “who’s who” updated so employees can easily reach their colleagues, wherever they are in the company.
Imerys' connected employees can now easily access 50 applications through Single Sign-On, which is helping to support the introduction of more cloud-based software. By increasing security using features such as Impossible Travel detection, Okta isn’t just helping to protect user accounts from fraudulent access, it’s also reducing the amount of time spent unlocking accounts and resetting passwords. The result: a more transparent, more efficient user management infrastructure that makes it easier to integrate new IT systems whenever new companies are acquired.
Now, Imerys wants to automate its application access rights management further using Lifecycle Management Workflows. In this way, Okta will continue to support the digital transformation of Imerys, and particularly the adoption of new applications, which ultimately are helping its employees to serve its clients more effectively.
With Okta, we’re reducing our operational burden and accessing a more powerful, more modern IT infrastructure that better responds to the various functions of our employees, and ultimately, the needs of our clients. And it was so easy to do.
Joël Fromont, Chief Digital, Networks and Information Security Officer, Imerys
Did you know: one of the biggest challenges in reducing carbon emissions isn’t getting cars off the road - it’s making them lighter. With more than a century of combined mineral expertise at its fingertips, and the technical know-how to back it up, that’s where Imerys comes in. Founded in 1880, it has adapted throughout the years to support the changing needs of its clients in the automotive industry. It's one of the many examples of minerals in our daily lives.
Under CEO Alessandro Dazza, appointed in 2020, Imerys is evolving again. By organising its offering according to the markets it serves, from automotive to construction to consumer packaging, it aims to focus even more closely on supporting its customers.
To reach its world-leading position, Imerys has grown by acquiring other companies. Today, it oversees operations in 40 countries, and has more than 220 sites around the world. With so many diverse industrial operations, and a dynamic acquisitions strategy, its IT network had become fragmented. To create a more unified ecosystem, Imerys decided in 2016 to undertake a digital transformation project and move key systems into the cloud. The goal was to enable access to the same key applications, whether an employee was a mining machinery operative or an office-based administrator - and also to speed up the process of change.
A full ecosystem of solutions that clients can trust
For Joël Fromont, who is Chief Digital, Networks and Information Security Officer at Imerys, identity management was a key concern from the very beginning of the transformation. "When you're making the move to the cloud, you should be asking yourself: what about identity management? It makes it quicker and easier to put new applications in place, which encourages employees to adopt them. It’s a great accelerator of change.”
Joël was looking for more than just a way to manage identities, or a product that could only safeguard access. He wanted a full ecosystem of solutions: help with lifecycle management to speed up employee onboarding and offboarding, multi-factor authentication to help secure Imerys' new cloud-based, SaaS-oriented infrastructure, and the ability to handle access rights in a targeted way. "In the industrial B2B context, trust is crucial," says Joël. "IT systems need to be reliable so that we can deliver to our clients when they need us, while also keeping them safe from any attacks that could compromise them."
Joël had some experience of other cloud identity management solutions, and he had also been following the Okta Identity Cloud as it evolved. "We had already chosen our key providers, so I wanted an IAM solution that would be easy to integrate with G Suite, Salesforce, and Workday," he explains. "I attended an Okta seminar at a conference in London, and my impression was of a mature, trusted partner with an exhaustive choice of products to cover every IAM need." Within three months of signing the contract, Imerys had put its first Okta solutions into place.
The initial challenge was to provide easy access to new applications for the 13,000 colleagues who are connected to Imerys' IT systems. Imerys achieved this by implementing Single Sign-On, using Multi-factor Authentication to provide advanced security measures based on device, location, or network contexts. In a typical example, users accessing their emails might confirm their login on their smartphone using the Okta Verify app. For users accessing applications from the Imerys network on industrial sites, who might not have access to their mobiles, their IP address is used as a second factor. "We have a very broad range of employees, and Multi-factor Authentication offers the necessary strong safeguards to help prevent fraudulent attacks," says Joël. "That saves us time, and helps us to avoid the inevitable financial costs of accounts being blocked."
Keeping user accounts up-to-date, automatically
Another key reason for choosing Okta was to automate the management of user identities throughout their tenure at Imerys, and ensure consistently up-to-date user databases. "Offboarding is just as important as onboarding, because we need to make sure user accounts are deactivated after employees have left the company," says Joël. When Imerys implemented Okta, it synced its six Active Directories to Universal Directory, and now uses Workday as a master via Okta's free Workday integration. When a new user account is created in Workday, accounts are automatically created for all the applications that the user needs to access. "With Lifecycle Management, the process is much quicker than before," says Joël.
To get this key integration right, Imerys turned to the Okta Professional Services team. "We realised that the process would benefit from a deep knowledge of both solutions, Workday and Okta," says Joël. "My team handled 90% of the implementation processes, but we turned to the Okta team for support when we needed it." Now, as well as having a faster turnaround for creating new user identities, Imerys' intranet is also synced to Workday via Okta. "Thanks to the Workday integration, we’re able to automatically update the user register on our intranet," says Joël. "For a global company like Imerys, it's critical that employees have access to updated information so they can easily find the right colleague with the right skill in any division from across the company."
Moving forward with secure yet seamless access to apps
Okta is also helping to secure Imerys from phishing and password-focused attacks, which had previously left users locked out of their accounts. "We now have several layers of protection in place," says Joël. For example, the Impossible Travel feature of Okta Multi-factor Authentication prevents logins by identifying when two logins are attempted one after the other in geographically distant locations. Previously, those accounts would have been locked after a certain number of attempts, but Impossible Travel both protects the accounts and means that users don't have to contact the helpdesk for a password reset.
The big picture? Today, it’s faster and easier for Imerys to implement new applications, which helps to encourage innovation and drive forward its cloud-first strategy. It now has around 50 cloud-based applications integrated with Okta, and Joël believes making it easy for users to access them is key to encouraging adoption. "Making access easy can be the difference between users choosing to access a new application, or ignoring it," he explains. "With Single Sign-On, our employees don't need to remember new logins and passwords for new applications, and are more likely to use new apps." And when new companies are acquired, this kind of transparent and efficient user management makes it easier to bring new user directories and IT systems into the mix.
Now, Joël plans to automate authorisations further using Lifecycle Management Workflows to handle application access requests more directly and reduce the burden on the IT helpdesk. "The main reason I would recommend Okta is that it's so simple to implement," says Joël. "With Okta, we’re reducing our operational burden and accessing a more powerful, more modern IT infrastructure that better responds to the various functions of our employees, and ultimately, the needs of our clients. And it was so easy to do.”