Mirador connects the best financial reporting technology to the wealthiest of clients, with Okta as the identity foundation

A technology company with no IT staff

Joe Larizza builds technology solutions that help the ultra-wealthy understand their net worth, evaluate the performance of their investments, and identify risks and opportunities. As founder and managing partner of Mirador LLC, he puts together financial reporting technology platforms for high-net-worth families, wealth management firms, endowments, and foundations.

While the firm is small—only about a dozen employees in Connecticut and the Salt Lake City area—they manage about 30 client platforms that connect diverse financial reporting services together to serve thousands of customers representing more than $30 billion of wealth.

“We set up the software, we write the reports, we make sure that the data that gets in is accurate, and we answer any questions clients might have,” Larizza says. “It allows customers to focus on the output of the information, as opposed to making sure all the data is right.”

The company operates in a cloud-only environment. “I’m a big believer in not having any IT staff, per se,” he says. “We don’t have any servers that hold any software.” Larizza’s team is always on the lookout for new technologies that can make them more efficient or help them offer better client services.

To build financial reporting platforms for clients, Larizza works with a large number of disparate cloud vendors. “It’s the best part, and also the hardest part,” he says. “The cost to switch from one solution to another is minimal, so we always stay with the best-in-class. The challenges are getting the systems to talk to each other—to pass data. And also, identity management.” The cost of switching solutions rises when it affects clients directly, he says. “Having them re-enroll in the system is one of the biggest costs in a cloud-first solution.”

Security concerns top Larizza’s list of identity management priorities. With high-value clients, “it’s not about guarding the castle,” he says. “It’s about the person entering the castle.” The likelihood of an account takeover resulting from compromised IDs or passwords is much higher than the risk of a malicious third party hacking in to Salesforce or Addepar to steal data. “A robust and uniform security policy is very important to us, particularly as it comes to client access.”

An Okta believer from way back

Larizza first worked with Okta as chief administrative officer at Fieldpoint Private, a wealth management firm created by and for those same high-net-worth clients. When he decided to start Mirador, he knew Okta would play a significant role. “Okta might have been the second or third contract that we signed,” he says. “It was that important to us.”

“First of all, Okta checks all the boxes, from a security perspective. Second, it has been adopted by many large organizations that do a lot of due diligence. The fact that Okta is in the upper-right-hand quadrant for Gartner, and that major companies with massive information security departments rely on Okta—that definitely puts our clients at rest,” says Larizza.

“Third, it’s an incredibly powerful tool that’s really simple to use and administer,” he adds. “If it’s too hard, no one’s going to use it. If it’s not secure enough, that doesn’t help, either. Striking that balance is really important, and Okta offers the right features for us to do that.”

As technology consultants, the Mirador team follows fifteen technology categories, one of which is identity management. “We have a working knowledge of all the top players out there,” he says. Mirador continues to choose Okta because of the way the technology balances usability with a robust, forward-thinking security model.

Speedy, secure identity integration

Okta provides the identity foundation for all of Mirador’s customer service offerings. The company deploys Okta Single Sign-On as a simple portal where clients can log in securely and then access all the applications they’re enabled for. Clients use Box or Citrix to store and retrieve documents, along with various financial industry solutions such as Addepar and eMoney, or custodian-specific solutions from Fidelity, Schwab, TD Auto Finance, Pershing, and others.

“Most of those applications are SAML 2.0-based. Some of them are proprietary SSO implementations. In some cases, we leverage SWA,” says Larizza. At the end of the day, it’s not about providing a single, Mirador- or client-branded platform, but about providing a single ecosystem that clients can access with a single ID and password. Clients appreciate being able to swap out applications easily to achieve the results they want quickly. “That’s a tremendous uptick from a traditional legacy platform, where everything had to be working in lockstep,” he says.

“We try to push our clients to a forward technology position,” says Larizza. “We often challenge their need for Microsoft Active Directory, for example. Why not use Okta Universal Directory? You get better SSO, better security, and better business continuity.” With all their critical applications and data in the cloud, clients don’t have to worry about losing access, should their physical premises be hit with a catastrophic event.

Okta Multi-Factor Authentication serves specific client needs. Security is a high priority, and MFA offers an extra layer of assurance without added complication. “We typically use SMS,” says Larizza. “Over the last few years, SMS authentication has become more widely accepted, so people are comfortable with it.”

Unified views for clients and admins

Mirador uses Okta Universal Directory to store customer profiles. “The reporting behind it makes it simple for us to report, manage, administer, and audit profiles,” Larizza says.

He says the single-most important thing that Okta has helped Mirador with is customer adoption. “If you’re a full-service customer of First Republic Bank, you could have up to six separate IDs and passwords to access all your applications and services at the bank,” he says. Having so many passwords is a security risk, and also makes it less likely that customers will use those apps and services.

To meet the requirement of high-net-worth clients, the Mirador team is laser-focused on providing seamless customer service. “Bringing all clients’ financial information into a single picture, under a single login ID, is more secure, easier to administer, and more uniform, from a client perspective,” Larizza says.

Okta Universal Directory makes it easy for Mirador staff to administer accounts, as well. With a consolidated view of customers, “they can look at user statistics, see who hasn’t logged in, see who hasn’t finished the enrollment process, and react to that.”

That consolidation and visibility also strengthens the company’s security position. If someone leaves, “ideally, you want to go through all the underlying systems to make sure all the identities are turned off there—but you can just deactivate a user within Universal Directory, and you’ve limited your exposure,” he says.

Replicating a successful identity model

Today, Larizza runs a technology company with no IT staff and no help desk. That’s not to say Mirador doesn’t have a service model that’s extremely focused on clients. “Typically, it’s an advisor or the advisor’s assistant who fields day-to-day client calls,” he says. Because of the single global client ID, Mirador has fewer password problems than traditional high-net-worth solutions.

“We train them in simple password issues. If they need to escalate something, they can send it to someone with more of an IT background.” Most issues can be resolved by someone who has very little technology knowledge.

That strategy puts the technology ball squarely in the court of Mirador’s partners, so Larizza is careful to choose companies he can work with. “The Okta team has been very responsive, both in terms of our sales cycle and then working with me as we’ve sold into other organizations,” he says.

“Our goal is to replicate this by helping more clients develop financial reporting portals that use Okta for identity,” says Larizza. “The Okta sales team has taken the time to really understand Mirador’s business. I can almost order it up like a Big Mac, at this point: ‘Give me the number six, for 250 users—’ and we’re up and running.”

Clients continue to turn to Mirador for go-to-market speed and comprehensive financial industry knowledge. Mirador, in turn, “will continue to bring additional clients over to Okta,” says Larizza. “We have no reason to say that anyone other than Okta is the best choice for identity access management.”

About Mirador, LLC

Mirador, LLC is the leading provider of bespoke portfolio performance solutions for high-net-worth families and family offices, wealth management firms, and endowments and foundations. In partnership with the pre-eminent data providers in the wealth management space, Mirador implements and operates customized suites of financial reporting solutions, defined by individual client needs.