Kiwi.com is built on flexibility. The website allows travellers to build consolidated travel plans across airlines, bus companies, rail companies, and more. When the company was founded seven years ago, its IT infrastructure—a collection of cloud-based apps plus a couple of small servers—mirrored that flexibility. As the company grew, however, the loosely connected infrastructure, which worked well for a start-up, began to cause friction.
After rapidly growing to more than 3,200 active international users, the company struggled with the costs and labour involved in managing all of these user identities. Specifically, the company’s environment lacked a single point of truth, which created provisioning and productivity challenges, limited visibility into company systems, and weakened security. Kiwi.com avoided some overhead costs by rooting its IT environment in SaaS apps, but with so many employees working all over the world, identity management was still time-consuming and expensive.
Essentially, Kiwi.com lacked identity management tools. To solve its challenges, it would need a strong identity partner with a flexible platform that could tie its complex infrastructure together and scale with the company. After conducting market research, the company realised that Okta could provide everything it needed, including comprehensive Single Sign-On, robust security tools, increased employee mobility, and automated provisioning capabilities.
Kiwi.com’s first step towards strong identity management was to migrate employees into Okta Universal Directory and add Single Sign-On for a stronger security posture, a consolidated view into all connected apps, and a simplified user experience. Next, the company added a strong layer of protection to its new environment by deploying Multi-Factor Authentication. Kiwi.com also established HR as a master, so that users automatically gain (or lose) access to applicable apps whenever their role changes within the company.
With Okta in place, the company has a simpler, more secure access process, and an automatic provisioning process that increases employee productivity while lightening the IT workload. Security is stronger and more flexible than ever before. Kiwi.com has a more scalable infrastructure hidden from users by a consolidated dashboard. The company also enjoys an unexpected benefit—while deploying Okta, it found new ways to streamline its operations overall. Now, whenever Kiwi.com assesses a new app, one of the primary considerations is whether or not it can support Okta.
“Okta provides a full ecosystem, and it’s just getting started. We didn’t just buy a black box for a single solution, we onboarded a platform that will grow with us and our needs.”
David Pavlik, Chief Information Officer, Kiwi.com
When Kiwi.com was launched more than seven years ago, it had a single goal in mind: to offer customers more flexible travel options. The company began by offering virtual interlining services—which use an algorithm to connect flight routes between airlines that aren’t necessarily cooperating on their own.
“Kiwi.com is the only kind of virtual carrier that can take you from Brno to Los Angeles, and can actually issue the ticket for you,” says David Pavlik, Kiwi.com’s chief information officer. “We can also combine different classes, so if you’re going to Los Angeles, you can do the short haul flight in economy and the long haul in business.”
Next, the company expanded into ground transport, like taxis, trains, and buses, and added a valuable guarantee. “We make sure that if you miss a connection for any reason on our virtual interline flights, we'll get you to the final destination,” says Pavlik. “Our ultimate goal is to connect people, to provide them with the opportunity to get from any point A to any point B in the whole world.”
Kiwi.com’s services appealed to the masses and now the website supports millions of users, billions of searches, and a massive influx of content. To accommodate this growth, Kiwi.com had to rapidly expand its workforce. Now, it employs more than 3,000 people and has customer service centres all around the world.
“With our technological growth and product growth, we significantly increased our headcount and our subsidiaries locations around the world,” says Pavlik. “To manage it all, we needed to drastically improve our technological infrastructure.”
A disparate IT landscape
Like most start-ups, Kiwi.com’s IT infrastructure was cloud-first. All of the company’s customer-facing services were based in the cloud, and Kiwi.com’s internal infrastructure relied primarily on SaaS apps as well. The company’s on-premises footprint was limited to a couple of in-house servers, and for good reason:
“If you're in the cloud, you know your providers are innovating, upgrading, and maintaining the services for you,” says Pavlik. “You can scale your infrastructure up or down based on your business needs, or, if it’s really necessary, you can easily change providers. It’s been paying off for us for many years.”
As the small start-up grew into a large corporation, however, Kiwi.com’s original approach—adding SaaS apps as necessary—simply didn’t work anymore. The company needed a single point of truth and a consolidated identity infrastructure in order to effectively manage user access and provisioning.
“From a security perspective, if you're a small company, it’s much easier to run your environment on a bunch of cloud instances,” says Pavlik. “Once your environment grows to include thousands of instances and multi-cloud providers, it becomes much more difficult.”
Kiwi.com’s existing infrastructure presented three main points of frustration: “Number one was a lack of visibility into the system and the settings,” says Pavlik. “The second challenge was the extra overhead required to manage all of the systems. And the third point was our inability to automate the workflows because they were so complex.”
According to Pavlik, all of this created a massive IT workload that required “extra people for the management of all that tooling, all those accounts, and all this complexity.”
Without an automated workflow, employees could end up waiting far longer than necessary for access to the tools they need to do their jobs which, in turn, affected productivity. Meanwhile, a manual deprovisioning process presented a security risk by increasing the possibility of a former employee retaining access to sensitive apps.
“There wasn’t a single source of truth where you see the whole landscape of Kiwi.com from an accounts perspective or an identity perspective,” says Pavlik. “It’s not that it wasn't manageable, but it was much more complex. While we could still evolve as a company with that infrastructure in place, it would significantly slow us down.”
A trusted, flexible identity solution
Pavlik wanted to enable Kiwi.com by optimising the efficiency of the company’s customer service team, helping developers deliver new products and services as quickly as possible, and generally reducing complexity. To fully achieve these goals, Kiwi.com would need a strong identity partner.
“It’s definitely a fast-paced technological company,” says Pavlik. “We need to really stay on the edge of technology development because it gives us a competitive advantage.”
Kiwi.com began looking for a trustworthy partner that’s independently certified with a strong track record of meeting industry standards. The right vendor would also need to provide flexible, scalable identity solutions that would grow with the company.
“From a technical solutions perspective, Okta really provides this platform,” says Pavlik. “It provides a rich ecosystem and, looking at the roadmap, I can also see Okta is just getting started. That was probably the most convincing factor for us. We didn’t just buy a black box for one solution, we onboarded a platform that can grow with us and our needs.”
Pavlik was also pleased with Okta’s customer service and technical support. “What we really liked about Okta was the interaction with staff,” says Pavlik. “They provided us with very deep insights.”
After discussing its needs with the Okta team, Kiwi.com purchased a range of Workforce Identity products, including Universal Directory, Single Sign-On, Multi-Factor Authentication, Lifecycle Management, and API Access Management.
In consultation with Okta, Kiwi.com developed a roadmap that included three primary goals:
1. To allow employees to access apps through Single Sign-On
2. To secure all apps with either Multi-Factor Authentication or a VPN
3. To set up HR as a master so that any change HR makes to a user profile automatically results in that user being provisioned with the correct apps (or in some cases, completely deprovisioned)
Kiwi.com began its journey by migrating employees into Universal Directory and pairing it with Okta’s Single Sign-On. Together, these products provided administrators with a consolidated view of the company’s systems, while employees benefited from simplified access to a range of major apps, including G Suite, Jira, and Confluence.
“From an employee point of view, it’s really about having a single place where I can come to work,” says Pavlik. “I can open my Okta portal and click on the application that I need to start working. I can immediately see what I have access to.”
This increased visibility has also led to better organisational decision-making. “Being able to monitor application usage has been particularly interesting,” says Pavlik. “We actively monitor how many people have access to applications and how often they use them—and then we can make decisions based on that. Should we decrease the number of licenses for a specific tool? Or should we talk with the team to find out why they’re not using the tool? It's really helping us to better manage our cloud solutions.”
Kiwi.com continues to onboard additional apps, including developer tools GitLab and Datadog. “We’ve integrated Okta into our everyday work life,” says Pavlik. “Now when we’re looking for a new tool for a particular business function, we always consider identity management. If the tool can’t support Okta, we usually don't want to work with it because it would create complexity and add extra overhead.”
The company still has quite a few applications to integrate, but it’s been a speedy deployment in general. “Overall, between signing the contract with Okta and launching the first five applications, it was around three or four months,” says Pavlik. “Now, our goal is to onboard another set of applications each quarter.”
Even though Kiwi.com still has work to do, it’s already experiencing benefits, including a significant reduction in password reset requests. The company now receives almost 12,000 fewer requests every year, which translates to 2,932 hours saved by administrators.
With the onboarding process well underway, Kiwi.com began bulking up security with Okta’s Adaptive Multi-Factor Authentication. This is a critical part of the company’s Zero Trust strategy. “We have a huge global footprint,” says Pavlik. “We need to verify the identity of everyone connecting to our infrastructure, no matter where they are in the world.”
This process included setting up IP restriction for employees in the customer service centres. “We can basically whitelist the IP addresses of the vendors who provide our customer service—which keeps them from connecting from outside of the IP range,” says Pavlik. “That’s proven to be super useful, and it provides us an extra layer of security.”
Kiwi.com also incorporated YubiKeys into its security processes. Since customer service agents regularly access sensitive information while processing customer bookings, secure access management is critically important. By setting up a range of factors, Kiwi.com also increased convenience and mobility for global employees.
“There shouldn't be a difference, whether you’re working from our Brno headquarters or from a coffee shop in the Philippines,” says Pavlik. “As long as we can confirm that it's actually you, that you use your YubiKeys and VPN to connect from a validated machine or endpoint with proper security settings, you should be able to connect and work from anywhere in the world. This is a crucial feature for us.”
Kiwi.com is pleased with how Okta has improved security and streamlined employees’ workdays. With Adaptive MFA in place, there’s been a 50% reduction in MFA prompting, increasing employee productivity by 2,354 hours each year.
The IT department’s workload has been reduced too. Before Okta, there were between one and three security incidents per quarter, and it would take about 24 hours to investigate each one. Now, the number of security incidents--and the time it takes to investigate them--have been significantly reduced. Based on the time spent handling security patches alone, the company’s security and developer teams now save 288 hours a year.
Success by the numbers
- 2932 hours: annual reduction in helpdesk time related to password resets
- 1209 hours: annual reduction in time spent supporting manual app provisioning
- 288 hours: annual reduction in time spent on security patches
- 2354 hours: annual increase in employee productivity due to intelligent MFA prompting
An automated future
Once Kiwi.com finished consolidating its infrastructure, it was able to start working towards its goal of automating the provisioning process by establishing HR as a master. This allows employee status updates to feed into Okta. From there, Okta’s Lifecycle Management automatically provisions and deprovisions employees with the apps they need to do their specific jobs. Now, it only takes about 10 minutes to provision a new employee with their Okta-integrated apps--and standard provisioning requests have been reduced by 70%. As a result, Kiwi.com saves 1209 hours on provisioning/deprovisioning tasks every year.
“It's all just a few clicks away,” says Pavlik. “I would say the IT team benefits most because the automation and increased visibility into systems has really lightened their heavy lifting. It’s much easier to manage the whole 3,000-person organisation. I can easily create the groups, I can easily set up provisioning, and I can easily set up workflows. It not only reduces the manpower needed, but it also reduces human error.”
The partnership between Kiwi.com and Okta is ongoing, and there are still plenty of features for the travel company to explore. Kiwi.com’s roadmap already includes using Okta Workflow to further increase automation. The company also plans to boost its Zero Trust security with Okta’s AI for access management.
“If it's a more trusted environment, the AI will let you in easily,” says Pavlik. “If it's a less trusted environment, it will employ all the extra factors. Those are really the things that fit well into our strategy.”
Kiwi.com is the travel-tech company connecting all forms of transport—this is the power of its Virtual Interlining algorithm. Whether you’re traveling on planes, buses, or trains, Kiwi.com can combine them.