Okta helps Intercom achieve its infrastructure vision: 100% cloud. Zero Trust. Highly automated.
A cloud-only commitment
As a fast-growing company built in the cloud, Intercom needs to establish a flexible, 100% cloud IT infrastructure. IT looks to partners who can help them achieve their Zero Trust vision, while automating as many tasks as possible.
An effortless transition to remote work
In early 2018, Intercom completes a migration to Okta that takes less than two weeks. When Covid-19 hits, 99% of applications sit behind Okta, with Duo as a second authentication factor. Moving to remote work was a simple transition.
Minimizing manual work and friction
At the suggestion of the Okta Customer Success team, Intercom embraces Okta Workflows as a no-code automation integration platform. With it, they can increase automation without requiring engineering time, minimize manual work and friction, and improve security alert response times.
Zero Trust—no Active Directory required
With Okta Devices and Okta FastPass, Intercom brings devices into its Zero Trust strategy, enabling passwordless authentication and increasing context-driven access decisions. Finally, Intercom extends its Zero Trust perimeter to Microsoft Windows devices, bypassing any need for on-prem Active Directory.
The best kind of partnership
Intercom IT continues to explore Okta Platform Services offerings, including Okta Directories and Okta Identity Engine. Okta’s Customer Success team plays a key role in helping the team achieve their Zero Trust goals, leading beta testing for promising new features.
As a platform, Okta has had a strong influence on Intercom, enabling us to grow organically at the speed we needed and creating the infrastructure that works for us.
Emanuele Sparvoli, Head of IT, Intercom
- More than 600 employees working across five international offices
- 100% cloud IT infrastructure
- 2 weeks to implement Okta across the company
- Significant reduction in time spent onboarding and offboarding employees
- Increased productivity for new hires
- Reduced risk of manual errors and security breaches
- Zero engineering time required for custom IT automations that minimize manual work and friction, and improve security alert response times
- A no-code automation integration platform that extends beyond Okta and the Okta Integration Network
- An effortless transition to remote work during the Covid-19 pandemic
- Ability to achieve a Zero Trust user and device perimeter, without the need for Microsoft Active Directory or a VPN
A cloud-only startup stays in the cloud
In the age of Covid-19, more people than ever before are working remotely, shopping remotely, and cultivating relationships remotely. San Francisco and Dublin-based startup Intercom is a key partner for many organizations adapting to this new environment.
Intercom is a Conversational Relationship Platform (CRP) that delivers personalized, messenger-based experiences for sales, marketing, and customer support teams. The technology goes beyond typical live chat to deliver contextual, conversational experiences at scale.
When Emanuele Sparvoli joined Intercom to lead IT in 2016, the company consisted of two offices, 140 employees, and virtually no IT infrastructure. Employees collaborated using G Suite, supplemented with a few Google-supported SAML applications and no real identity and access management (IAM) solution.
“I remember describing it to my wife after my first day as a huge coffee shop,” he says. “Everything was manual. Employees were just handed a laptop and expected to figure it out.”
Today, the company has grown to more than 600 employees across five offices around the world, and while Sparvoli and his team have added IT infrastructure, they’ve kept it solidly in the cloud.
Intercom has flexible hours, and people frequently work from home. From previous experience, Sparvoli knew the pain of managing a network infrastructure VPN for remote access. He had no interest in tethering this cloud-based startup to anything in the perimeter of the office.
Growing a company fast—without breaking it
Back in 2016, cloud-only companies were few and far between, so Sparvoli had to seek out the right combination of solutions to fulfill his vision for Intercom’s infrastructure.
The Intercom team had to develop a custom solution to import data between Google and the company’s human resources information system (HRIS), for example. “We had a scattered software stack that we wanted to centralize,” he says.
The company was also dealing with a hyper-growth environment and a fast-paced, customer-focused culture. “Not breaking that fast-moving culture was one of the biggest challenges we faced while Intercom grew,” says Sparvoli. “We had to introduce a certain level of compliance and security, without creating too much friction for people trying to do their jobs.”
Intercom IT addressed those challenges by sticking to a few key principles:
- First, they look to partners, rather than custom software. “We don’t want to build infrastructure if there’s a solution on the market that we can trust,” says Sparvoli.
- Second, they focus on automation. Intercom’s product features industry-leading automation, so bots can handle repetitive tasks and sales, marketing and support team members have more time to focus on high-impact work. Intercom IT takes the same approach.
- Finally, they take a Zero Trust approach to security. While Sparvoli is committed to a low-friction infrastructure, accessible from anywhere, he also understands that the people and devices accessing that infrastructure double as the security perimeter.
An effortless transition to remote work
Because securing access for people and devices is primary to the Zero Trust approach, identity management became the first pillar of Intercom’s cloud infrastructure. “It was clear that we needed to create the concept of identity for employees and then build trust in that identity,” says Sparvoli.
The team narrowed their IAM partner options down to two: Okta and another vendor, and went with the second vendor initially. The move to Okta came after Intercom got caught up in the vendor’s 2017 security breach. “We were not satisfied with their response, from a communication and transparency perspective, but we kept using the product,” says Sparvoli. “Then, there was a secondary breach.”
While Intercom data and applications stayed secure thanks to countermeasures the team had in place, they came to the conclusion that Okta was the more trustworthy identity partner.
It took less than two weeks for Intercom to migrate to the Okta Identity Cloud in early 2018. To establish an additional layer of trust for user identities, the team also introduced second-factor authentication using Okta’s integration with Duo Security. Today, says Sparvoli, “Okta is the pillar of our identity and access management solution. Ninety-nine percent of our applications sit behind Okta.”
Because everything at Intercom was centralized on the Okta Identity Cloud, the company’s transition to fully remote work during Covid-19 came with virtually no difficulty. “It was quite an easy switch,” he says. “People could just go home with their laptops and work like nothing happened.”
Wrestling with employee onboarding and offboarding
Before Okta, Sparvoli struggled to keep up with Intercom’s growth. “Onboarding and offboarding were always two of my biggest problems,” he says.
As the number of weekly new hires grew, so did the manual processes required to onboard them. New employees often had to wait up to two weeks to get complete access to everything they needed. Likewise, the team needed at least two hours to offboard employees when they left the company. All the repetitive manual tasks resulted in a higher-than-acceptable number of human errors, which increased security risks.
Partnering with Okta Professional Services, Intercom automated many of those processes with Okta Lifecycle Management and a custom HRIS integration. The Okta Identity Cloud allowed the team to quickly centralize IAM for all of their cloud applications and significantly reduce the time they spent on manual tasks. “It was a huge step for us,” says Sparvoli.
While Okta’s initial implementation solved a host of problems for Intercom, the team still dealt with a number of remaining tasks—such as setting email forwarding rules or transferring Google Drive files to a manager—that created roadblocks and opportunities for error.
The Intercom team had plans to automate those business processes and data queries with custom scripts, but they required precious engineering time. For a fast-growing company focused on staying ahead of the competition and certifying a product for enterprise use, that time was in great demand.
“We had skilled IT specialists who could chart the workflow for you, but they didn’t have the engineering skill set to build it,” says Sparvoli. He continued to push Okta for new products and features that would help his team accomplish their vision of a cloud-only, Zero Trust IT infrastructure.
A no-code integration and automation platform
Okta Workflows grew out of the positive feedback loop that visionary customers like Intercom provide—continually pushing Okta product teams to solve new problems and test the boundaries of what’s possible in IAM.
Workflows is part of Okta Platform Services, an initiative that makes the foundational components of the Okta Identity Cloud available to customers and partners through out-of-the-box products, APIs, and SDKs. When an Okta Customer Success manager suggested Intercom take part in the Okta Workflows beta, Sparvoli says he saw its potential immediately. The Customer Success team worked closely with Sparvoli to ensure a seamless transition to Workflows, arming Intercom with expertise around troubleshooting best practices and setup requirements.
Workflows includes a curated list of deep connectors that allow IT admins to automate more than just “create,” “read,” “update,” and “delete” identity functions. For example, they can set territories in Salesforce or default folder shares in Box.
In addition, Workflows allows admins to connect to any API—not just Okta’s curated list of connectors. “Eighty percent of the products involved in our Workflows automations don’t have premade integrations in Okta, but we can leverage the API,” says Sparvoli.
Workflows also aligns with Intercom’s principle of using less custom software and relying more on partners. Now, the team can easily create bespoke business processes, without code, using software they already own.
“Understanding how to use an API is very easy,” he says. “Writing the code that uses the API is much harder. Okta Workflows removes that barrier for IT specialists.”
Today, Intercom IT has a no-code solution for automating lifecycle tasks specific to their organization. The time required to build those automations in Okta Workflows is much less than to write a custom script, and the result is more efficient, secure, and simple to maintain, says Sparvoli.
A typical custom data query script, for example, would page through every profile for every person who ever worked for Intercom—some 1,400 profiles—to gather the required information. With Okta Workflows, the team can create an API query that pulls information together much more quickly.
“We went from waiting 15 minutes to gather information from the HRIS, down to 242 seconds,” says Sparvoli. “When I saw that, I thought ‘Okay, we really need to work more on this platform and see what it can do.’”
Minimizing manual work and friction
Workflows is more secure than a custom script because it runs on the Okta platform rather than on an Intercom engineer’s computer or server. It also helps the team minimize manual work and friction. “It removes low-value work from people’s jobs and allows them to focus on more important work,” says Sparvoli. “This is super important because we are a very small IT team.”
For example, Intercom is using Workflows to import HRIS information into a tabling workflow that comprises the company’s entire employee database. “Nobody had to build any infrastructure or maintain anything,” says Sparvoli.
Preparing for audits used to be a laborious process. The team had to export Okta logs regularly and save them on AWS. Then, engineers had to develop an analysis tool to put information in the right format, updating it whenever an API changed. If a key person suddenly left the company, the process could potentially be thrown into chaos.
Now, Intercom uses Workflows to automatically gather the right information and send it to the right person in the right format. Okta takes care of API changes for native integrations. “It makes preparing for an audit so much easier,” says Sparvoli.
Workflows is solving other kinds of problems, as well. When HR needed a way to make sure every employee had signed the employee handbook, for example, IT designed a workflow that automatically requires new employees to sign the handbook before their Okta account can be activated.
Next, Sparvoli plans to use Workflows to create simple rules to pull out the information his team cares about. “We want to go beyond alerts and use Workflows to create automated actions, based on the severity of an event,” he says. “Okta is the best platform for this because it has direct access to the events. There will be a substantial reduction in reaction times there.”
For Sparvoli, Workflows offers potential that goes well beyond its identity origins. “It’s the glue between all these services—Okta ones, but also external ones,” he says. “You can connect any API you want and expand the platform as you need.”
Zero Trust—no Active Directory required
With the Okta Identity Cloud and Okta Workflows, the Intercom team has nailed the employee identity pillar of its Zero Trust strategy. The next step, says Sparvoli, is to enfold devices into that circle of trust.
When the Okta Devices Beta opened, Okta Customer Success Manager Nicole Stepakoff saw an opportunity for the Intercom team to give one of its features, Okta FastPass, a try. FastPass makes granular, context-based access decisions possible, while offering passwordless login from any device or location to any Okta-managed app. Using features within the Okta Devices platform service, the team can decide which applications are accessible, by which devices, in which context.
Granularity was already possible with Okta Device Trust, which Intercom has been using to manage macOS, iOS, and Android devices. Okta Devices makes even more context-based decision-making possible, says Sparvoli. Plus, those access decisions extend to third-party apps. Intercom can let Salesforce know, for example, whether a device is trusted within a certain context.
Okta Devices will also make it possible for Intercom to retain its 100% cloud status while extending its Zero Trust perimeter to Microsoft Windows devices. “We have not implemented device trust for Windows devices simply because, up until now, it would have required the classic on-prem Microsoft Active Directory set-up,” he says.
Sparvoli did consider creating an office VPN just to manage Windows laptops but rejected the idea in the end. “We need to be 100% cloud,” he says. “I’m glad we didn’t do it because then Covid-19 would have broken Windows laptops for the entire company.”
Sparvoli sees significant potential in Stepakoff’s work to help his team implement FastPass. “Okta Devices is going to allow us to use the Intune context inside of device trust to give us a full Zero Trust perimeter-less infrastructure,” he says.
The best kind of partnership
“Over time,” says Sparvoli, “Okta has been a very strong partner, evolving their platform and building the products, or functions inside existing products, that we need.”
Going forward, he and his team look forward to taking advantage of everything Okta Platform Services has to offer, including Okta Directories and Okta Identity Engine.
The relationship is a beautiful example of collegial partnership: The Intercom team takes full advantage of the latest Okta technologies, while always keeping a running list of features and solutions they want that don’t quite exist yet. Okta product teams continually rise to those challenges, perfecting and securing current technologies while anticipating and developing the next identity breakthrough.
“As a platform,” Sparvoli says, “Okta has had a strong influence on Intercom, enabling us to grow organically at the speed we needed and creating the infrastructure that works for us, with a minimum amount of friction.”
“The easiest thing you can do is buy Okta,” he says, “but that’s just the start of the journey. You start to realize the value as you build this partnership, as you see Okta caring about your use cases and looking for ways to help you realize your vision.”