How Intermex supports more than 8500 agents through a single Identity platform

From Washington D.C. to Mexico City, from Florida to the plains of rural Africa, Intermex has one goal: get your money to your recipient, how and when it’s needed. Founded in 1994, it has seen almost 30 years of change in how cash is moved internationally. It has also experienced expansive growth driven by mergers and acquisitions.

The Intermex IT team struggled to navigate a complex jumble of outmoded processes, inefficient platforms, and competing needs. Feeling the pain, the hiring of a new CISO was an opportunity to make improvements and address inefficiencies. He saw that Identity was the factor that could solve it all, and the solution he chose was Okta. 

Big growth means big challenges

Extensive growth is great for an ambitious international company—but hard on IT teams. It’s a universal problem for any modern organization: how can we pivot from our original tech stack into a modern infrastructure without disrupting our internal users? Along with its growth, Intermex relied on a patchwork of platforms, homegrown apps, and acquired technologies. 

The overriding issue for Intermex IT was consolidation. The team had to contend with various M&A use cases, five different Identity management tools, and duplicative identities throughout.  Solving these challenges required eliminating multiple tools and streamlining its modes of information. Meanwhile, end users were frustrated with the friction caused by different systems, frequent logins, and countless passwords. 

A new CISO with a tested solution

Enter Chief Information Security Officer Daniel Hereford. As a company newcomer, Hereford saw a clear need: “The organization had a good cloud strategy but lacked one for Identity. Our IAM team had a very mixed-use case with Active Directory, Azure AD, subsidiaries, and various other tools,” said Hereford. “I saw an opportunity for consolidation and a unified Identity strategy that I knew Okta could address.” This was more than a hunch, as Hereford had implemented Okta in three previous organizations. 

Hereford’s vision was clear, but the road to Okta implementation was not free of obstacles. His IT team had just implemented a competitor Multi-factor Authentication (MFA) solution the previous year. With tool fatigue already setting in for IT and its end users, Hereford felt the pressure to qualify and justify his decision. “There was concern about changing tools again. So, I promised the organization this IAM change would be the last. That reflected my trust in Okta.” says Hereford.

Happily, the risk paid off. By choosing Okta, Intermex reduced deployment time from nine months to four—boosting time to value. And, due to strong user response and ease of use, it  saw immediate savings: “Lowering friction enhanced security buy-in,” says Hereford, “and we think of the time saved as a lowered soft cost.” 

Most importantly, the change significantly improved efficiency throughout the organization. “Initially, our goal was to have five applications integrated into Okta,” says Hereford, “now we have 45 apps fully utilizing Okta for single sign-on and adaptive MFA. This is a major success, as we’ve exceeded our initial goal nine times. This would have taken years using other methods. Okta's concise and easy-to-operationalize model was crucial.”

This is in addition to saving approximately $175,000 per year by removing various tools such as monitoring, password resets, and MFA enablement. According to Hereford, “These hard dollar savings proved to be a significant part of the business case for Okta adoption.”

Once completed, the implementation lowered help ticket turnaround by two hours, decreased password friction, and enhanced password hygiene and identity strength. The team also began introducing passwordless authentication and piloting multi-factor authentication on servers. “Overall, this deployment has been cost-effective, improved security, and enhanced user experience,” says Hereford.

End users need less convincing 

While the IT staff was skeptical, the response from end users was enthusiastic. From day one, users were happy with the 70-80% time reduction in access to apps, as well as the cut in overall password use. Alchemy, a value-added reseller, also helped to accelerate end-user adoption. Hereford leveraged them to help with socialization and education. “I wanted to spread the message, and it was valuable to work with them.”

“Okta’s rapid deployment and adoption allowed me to deliver success and an early win,” Says Hereford, “I got comments like, ‘Oh, you're the guy who brought Okta? Thank you. It’s really made my day easier.” A specific success? The onboarding experience: setting up new users decreased from two weeks to four days, spurring new hire productivity. 

And the aforementioned help tickets. According to Hereford, “This consolidation of tools and the adoption of Okta has reduced service desk tickets related to password requests. We've seen a 70% decrease in those tickets, meaning improved productivity for our users.” 

All roads end at security 

As the company’s chief information security officer, Hereford’s priority was, of course, security. And an early problem was the prevalence of misprivileged identities: “Prior to Okta, we had issues with Identity management, especially regarding the removal of identities when people left the organization.” The way to fix it was to centralize the process. In the previous year’s user access review, the team discovered 600 misprivileged identities. Many errors were generated from employees changing roles without the appropriate permission adjustments. But now, with Okta’s centralized IAM system, “We believe we can reduce the number of misprivileged identities by half or more this year,” says Hereford. 

But Hereford also needed a global view of the Intermex security landscape. “In terms of security, we transitioned from a legacy approach to a modern one—a significant change management task. We conducted a zero-based assessment of our cybersecurity program, allowing for necessary changes and improvements.” A key result of the probe was the adoption of adaptive MFA. 

Adaptive MFA allowed for changes its end-users could feel. “With Adaptive MFA, we can adjust the level of auth based on user behavior. Initially, people were frustrated with having to reauthenticate using MFA all the time. After some fine-tuning and iteration, we found the right balance between security and friction. Since then, it’s been extremely popular.“

What’s next?

Looking forward, the Intermex IT team wants to improve its security posture and strengthen governance and lifecycle management. “With the ability to disable accounts and immediately deprovision access to systems, we've significantly reduced risk without 24/7 staffing. So now we're interested in Okta's Identity Governance and attestation solutions.” 

Hereford sees a strong partnership in the future: “Okta is a critical part of our security program, and we value the partnership. We’ve set a policy only to purchase new cloud tools that integrate with Okta, and we’re interested in getting our people Okta certified as well. It’s an investment that benefits our team’s professional development and Intermex overall.”