Juniper brings aged care into the modern age—and into the home. Okta drives a seamless, secure remote work strategy.

The increasing role of technology in aged care

When residents of Western Australia age, many turn to Juniper, a charitable, community benefit organization dedicated to caring for seniors as they navigate their final years. As one of the largest care organizations in Australia, Juniper’s 1,950 employees provide at-home care, as well as retirement living and residential aged care services.

Technology plays an increasing role at Juniper, as care managers look to software systems to help teams manage medication, report clinical outcomes, comply with public quality-of-care standards, and identify and communicate risk factors. Cloud-based services that caregivers can access remotely help them deliver more personalized, patient-centric care, compiling notes and accessing critical data at the point of care.

These advancements are changing the lives of Juniper employees, many of whom don’t have a background in technology. Members of this diverse group of carers, kitchen staff, cleaners, laundry workers, maintenance personnel, and part-time casual workers are becoming accustomed to picking up a tablet and logging onto cloud services every day.

A complex identity maze

Juniper is a 71-year-old organization, and over the years individual service units tended to make IT decisions independently, implementing a diverse slate of technology solutions that managed identities in diverse ways. 

While Juniper employees generally stay with the organization longer than is typical in the aged care industry, the turnover rate is still about 20%, and IT has to keep up. “Creating identities for all those software-as-a-service (SaaS) accounts was a full-time job for us,” says Dan Beeston, ICT Manager at Juniper. “Once you create that identity, you then have to determine what applications they need and assign them access.”

Onboarding and offboarding employees was a time-intensive, manual process, and security was also a concern. “Those disparate identity systems had very weak password complexity, so there was significant risk,” says Beeston. 

Shifting the focus to Juniper’s unique strengths

In 2018, the company initiated a digital transformation program for Juniper IT, and the organization began moving to managed cloud services. IT had a mandate to focus its attention on helping Juniper staff improve quality of care for clients and residents, and to streamline the daily work of updating servers and generally keeping the lights on.

“Providing quality of care is key to what we do,” says Beeston. “If a task can be automated or made more efficient, then that’s our priority.” 

To help bring Juniper to the leading edge of aged care technology, its leaders decided to invest in a risk-based quality management system (ionMy)—a software tool to help staff manage client and resident risk factors and improve care. 

“As part of that deployment, we wanted to get our identity management sorted out,” says Beeston. “We didn’t want to roll out the ionMy solution in the traditionally disconnected manner that Juniper had rolled out solutions in the past.”

The search for an identity super-partner

The team was keen to find an identity partner that could help them consolidate their disparate identity systems and provide a single sign-on platform for all Juniper applications. They were also looking for a multi-factor authentication product, to help ensure secure access for carers working remotely in client homes. 

“We did consider Microsoft, but we wanted a more vendor agnostic partner, to make Juniper as flexible and scalable as possible and to allow our team to tap into all the various cloud applications available,” says Beeston. 

Automation was also a key factor. The team had been using a Microsoft product to automate account provisioning and deprovisioning, but that was heavily customised and unsupported. “We actually considered turning it off and going back to manually creating identities, because we were having such difficulty reverse engineering it to move forward and migrate the activity to another platform” says Beeston. 

The team also needed to set up role-based access management. Juniper employees frequently move between different roles on their employment journey, and sometimes take on more than one role across different service units. Ideally the organization’s identity system would automatically assign people the applications appropriate for each role. 

Aged care tech vendors embrace single sign-on 

“We decided Okta was our identity product of choice, and then we put our ionMy vendor on notice that we needed them to integrate with one of Okta’s authentication methods,” says Beeston. “They were excited, actually, because they hadn’t been challenged on identity integration yet.” 

The vendor agreed to jointly develop their product to Okta identity standards, and three months later, Juniper went live with both Okta and the new ionMy solution. 

Currently, Juniper IT has three applications set up in their Okta Single Sign-On portal, and two ready for release. Everyone on staff accesses the ionMy solution through Okta, whether they are working at a Juniper facility or in a client’s home. 

Next up was the Amazon Chime video conferencing platform, which took about 15 minutes to set up in Okta. “That was a quick win for us,” says Beeston. An online procedure manual is also in the line-up. “That will go into Okta, so that the carer in the client’s home can access our policies and procedures at the point of care” he says. 

The team is also rolling out SoupedUp, an aged care catering software solution. “They hadn’t done any SSO development either, so we built into our agreement that they’d work with us to build that capability,” says Beeston. “It’s a win-win: We get seamless integration and the vendor can now say they now support Okta.”

Advocating for transformational user experiences

As a part of their digital transformation initiative, Juniper IT added two technology advocates to the staff. In a community not known for being particularly tech savvy, that decision has turned out to be a key part of their success story. Juniper tech advocates work in rotation across every Juniper site, teaching and advocating for employees as they encounter new technology.

As a result of hearing the pain points within the organisation, the team is now set to integrate the Go1 eLearning platform with Okta, as well. “It’s a true SaaS product, so we just effectively have to switch it on,” he says. 

Soon, the team plans to move all Juniper applications to Okta—up to 20 applications. “We’re driving this to be our one-stop-shop for all things Juniper,” says Beeston.

His team deliberately bucked Juniper tradition and kept Okta branding on its SSO portal, rather than aligning it with the Juniper brand. “That strong Okta name may not mean much to staff yet, but we hope that as they go elsewhere and hear the name, ‘Okta,’ they’ll begin to understand the positive contribution that it’s making to our organization,” he says. 

SaaS partners are more familiar with Okta, which helps them understand the digital transformation that Juniper is out to achieve. “It’s not like we’re using an off-the-shelf product that no one’s ever heard of,’” says Beeston. “That name recognition is key.”

A secure, seamless remote work strategy

Juniper serves about 500 in-home clients, and Okta plays a big role in streamlining the technology aspect of those remote interactions and keeping them secure.

Employees have been quick to attain a comfort level with multi-factor authentication when they’re outside of the organization. IT rolled out Okta Adaptive Multi-Factor Authentication at the same time as SSO and is using Okta Verify as the authentication factor. “We haven’t had any challenges,” says Beeston.

He has a vision of building a fully bring-your-own-device (BYOD) organization, where employees can log on to their applications from any device, anywhere. “The strategic intent is that going forward we invest only in SaaS services, and they have to be integrated with Okta,” he says.

Beeston and his team still have work to do to replace a few legacy on-prem solutions with cloud-based products after buying time moving them to infrastructure-as-a-service. Currently, those applications require VPN access for remote users. To solidify Juniper’s remote-work capabilities, the team plans to implement Okta Access Gateway, which will allow them to bring legacy on-prem apps into the Okta fold much sooner.

“While we’re stuck with legacy tech debt, Access Gateway can create that seamless experience for our users,” he says. “Legacy products will still be ‘on-prem’ in the AWS estate, but we can access them within our portal, securely with multi-factor authentication.”

That combination of application availability and security has opened up a world of remote work options for Juniper staff. “Okta is driving a mobile strategy within Juniper, and that’s exciting,” says Beeston. “The day will come when a new employee can just switch on their BYOD computer, join the guest wi-fi, log in to Okta, and carry on with their business.”

Solving for automated, role-based access management

To automate employee onboarding and offboarding, the Juniper team implemented Okta Lifecycle Management, with Okta Universal Directory as the organization’s source of truth for employee profile information.

Okta also solves the problem of role-based access management. “Our HR payroll system allows employees only one role. With Okta, if a person is working across two different service units with two different roles, we can now build that in,” says Beeston.

“Group rule creation in Okta makes assigning applications a lot simpler,” says Scott Simons, cloud engineer at Juniper. “Anything that turns up in a particular role automatically gets assigned to the appropriate groups or permissions.”

The team is using Okta Workflows to fine-tune the automation, creating employee identities with information from the Juniper HR system and then automatically creating accounts for applications within the Okta SSO portal, according to the roles an employee is assigned to.

“That functionality is key to what Okta offers us,” says Simons. “Any of the other identity products we looked at or tried just couldn’t do that role-based access. It’s improved our workflow immensely.”

More accessible data. Improved quality of care.

Two months after rolling out Okta, Beeston says it’s a relief to have a single identity platform with a self-service portal that IT can build on in its pursuit of solutions for the larger Juniper community.

Staff members no longer have to deal with confusing identity systems requiring multiple passwords and access obstacles. “Our users primary focus is on providing quality care, not waiting around for an email after clicking on a ‘forgot my password’ link” says Beeston. “We had a lot of challenges with identity management in the past, and Okta is solving all those problems.”

In the big picture, IT is proving its value, freeing up service units to focus on quality of care—Jupiter’s unique value. With centralized, cloud-based identity management in place, the organization can begin taking advantage of advanced data mining technology, bringing data online that’s currently stuck in legacy on-prem applications.

“By bringing operational technology onto the network, we can start linking resident care data  to much more data such as the number of times they call for assistance, leave the building, or receive visitors,” says Beeston. A Juniper team is even working on body sensor analysis that can detect changes in skeletal positioning and alert staff to potential fall incidents before they occur.

“There’s lots of data out there that can help us identify changing health needs early and put preventative measures in place,” says Beeston. With Okta securing and assigning access, he plans to make that data available to Juniper staff members wherever they serve clients—in their homes, in a community setting or at the point of care.