A major growth spurt
Massdrop, a site that taps into group discounts by pooling buying power, grew its business and customer base quickly but IT was left behind. As employees came and went, the need for better identity and access management increased dramatically.
Finding the right solution
Massdrop needed a cost-efficient, effective way to manage onboarding and offboarding, increase employee productivity, and enhance security. After comparing three different products, Massdrop decided that Okta was the only one that could address all of its needs.
New levels of productivity and security
Once Okta was up and running, the onboarding process for new employees dropped from 30 minutes per person to virtually no time at all. This equated to more than $25,000 in savings in the first year alone. Security was improved too, since the automated offboarding process was able to shut down access for old identities right away.
With Okta providing instant access to apps and a seamless single sign-on process, Massdrop employees are realizing increased productivity of more than $60,000 per year.
A delightful user experience
Okta's Universal Directory helps employees enjoy a personalized experience based on the communities they manage. The end result: a customized dashboard that shows the employee only the things they need to get their work done.
Big or small, tech-heavy or not, tools like Okta make your company safer, your jobs as IT or surrogate IT professionals easier, and most importantly, it makes the day-to-day life of your employees better.Aaron Zander, Senior IT Administrator at Massdrop
A growing challenge
Business is good at Massdrop, a web-based service provider that negotiates bulk discounts for groups of independent people. But before senior IT administrator Aaron Zander arrived, the company was experiencing some pretty severe growing pains. Specifically, they had a workforce of 50 people—but no in-house IT.
As a result, employees purchased their own hardware. There was no Active Directory or LDAP for identity management. Cloud apps like Google for Work and Slack were being used, but there was no dedicated manager, which left a lot of old digital identities floating around. Users also had to sign into every app individually. Zander sums it up in five words: “It was the wild west.”
Massdrop knew they needed to bring in someone who could manage application access, streamline onboarding and offboarding, and generally make everyone’s day more productive. That’s where Zander came in.
“Like any small, new company without an IT department, there were a lot of little maintenance things that just weren’t happening because there was no one responsible,” says Zander. “It's really easy to go and look at a dirty hallway and say, ‘Well, the janitor is going to clean it.’ But if your company doesn't have a janitor, deciding who's going to clean it is very hard. When I came in, I was basically the janitor.”
When Zander started looking around for a solution, there were a few basics that he knew Massdrop would need. These included:
- An end-to-end solution for managing users
- Access control for external apps and tools
- Targeted access to internally created tools
- A strong, well documented API
- Integration with BambooHR
- Multi Factor Authentication on-demand, or all the time depending on the user
Zander’s first priority was finding an automated lifecycle management solution. He wanted a solution that didn’t require Active Directory or LDAP because as a cloud-first organization, they didn’t have any server infrastructure in the office at all.
Zander also needed a tool that was compatible with their human resources software, BambooHR. Since he wanted a tool that could function as a directory and make single sign-on possible, he ended up narrowing his options down to Okta and OneLogin. Okta won out in a side-by-side comparison—Zander and his developers thought it was a better product with better support.
“[Okta] can import data from BambooHR,” says Zander. “We can script stuff. And Okta has a great API that we can put in our tools, which is another big factor for us.”
Overall, Okta’s Lifecycle Management product offered the perfect solution to Massdrop’s identity woes. Plus, its integration with Okta’s Universal Directory made it possible to postpone the need for LDAP or AD servers and ultimately save the company about $10,000 in related costs.
The first phase of the implementation was getting everyone’s digital identity into Okta’s Universal Directory. Going into the project, Zander knew this would be slightly complicated. Before Massdrop phased in BambooHR, they were using a third-party HR company to manage their affairs, and the transition left some of their data in a non-standard format. Luckily, Zander had Okta’s professional services team in his back pocket, and before long everything was running smoothly.
“We probably went over hours with Okta’s professional services,” says Zander, “but I think it was because we were kind of blazing a new trail. They were really, really helpful with that.”
A simplified system
Now, thanks to Okta, Massdrop’s onboarding and offboarding processes are automated. As soon as a new employee’s name and e-mail address is entered into BambooHR, the rest of the onboarding process happens automatically whether it’s a new employee or an existing employee changing roles.
“Identity really just flows from our HR tools into Okta and then into everything else—our internal tools, our external tools,” Zander says. “It works really well.”
On the surface, it looks simple: Okta does an import every hour, automatically setting up any new users. But Okta Lifecycle Management does a lot of the app user and group management behind the scenes, including using Okta’s expression language with attribute transformation that determines email address structure and user access based on departments and responsibilities.
It’s made a big difference. Since implementing Okta, Massdrop has seen a 90% improvement in the amount of time it takes to determine and provide employees with access to the apps they need.
“One of the biggest markers for success is being able to gracefully terminate an employee in just a few minutes,” he says. “Depending on what applications they have access to, I might not need to do anything at all. Someone in HR can terminate an employee and within 60 minutes, the employee will be shut down in Okta and all the tools that they had access to will be removed.” Additionally, if an employee gives their two-week notice, all HR has to do is enter the termination date, and BambooHR and Okta will take it from there.
Improving employee productivity
Gone are the days where Massdrop team members choose and manage their own apps in a haphazard way. Employees no longer use an inconsistent variety of apps and sign-in to each one individually with a different password, resulting in numerous password reset requests and lost time.
With Okta in place, password reset requests have been reduced by 90%. Overall, Okta’s productivity features have already saved Massdrop over $60,000.
Extending Okta with personalization
The end-user experience is also enhanced with personalization. Massdrop can now more easily manage which applications are most relevant to an employee with Okta, by sorting out the internal tools a user sees based on the communities they manage.
“Our internal tools for our buyers can be completely controlled by, ‘Hey. What community are you a part of? Are you a part of our car community? Are you part of our watches community? Great. Here's the stuff that you want to see right up front,’” says Zander.
A productive future
Now that Massdrop has successfully automated onboarding and offboarding and streamlined the single sign-on process, Zander’s looking ahead. While he’ll continue to introduce new internal efficiencies, including a new Okta-integrated phone system that will onboard new employees automatically, he’s primarily focusing on Massdrop’s security. Security improvements are not only business critical—they also makes good financial sense. So far, the value of improved security from a single, more secure credential, automated deprovisioning from HR and real-time reporting is valued at about $80,000.
Next steps include looking closer at security management for individual devices. The key will be finding the tool that works best with Okta’s security tools. Zander is also rolling out Okta Multi-Factor Authentication (MFA) for company apps, making it easier for Massdrop employees to authenticate into their company’s VPN, without having to use RADIUS or Mac addresses. Better yet, they will have the option to choose between Okta Verify with Push, SMS, and Google Authenticator. By using Okta, Massdrop’s able to offer its employees the flexibility to make choices that work for them without sacrificing security.
With new levels of productivity, heightened security, and a balanced IT budget under their belt, Massdrop doesn’t need to worry about falling behind on IT maintenance again. Instead, they can focus on what they do best—creating unforgettable customer experiences.
Massdrop creates high-quality, custom gear, apparel, and products inspired and designed by their online communities. They provide millions of members with a place to connect, discuss, buy products together, and learn about the things that are important to them.