Moving to the cloud
Priceline begins moving apps to the cloud, with a goal of expanding centrally-controlled cloud capabilities, maintaining existing security policies, and easily adding new security features over time to meet evolving business needs.
An identity centric approach
Priceline identifies Okta as an identity management solution that can provide seamless, secure access for its workforce, automate license provisioning, and integrate with its cloud and on-premises apps, with the flexibility and control that they need.
HR + IT working together
Through Okta, Priceline gains fine-grained control over how profiles are mastered by specifying different user directories–Workday and Active Directory–for different user attributes.
A mutually beneficial solution
The ease of integrating applications with Okta makes it possible for Priceline developers to easily add identity management to their internal apps, and for Priceline, a member of Booking Holdings, to share apps and collaborate with its sister companies.
“We initially purchased Okta to move to the cloud securely. But over time, we’ve uncovered all kinds of benefits that Okta provides. Now, every time we start a new project, one of the first questions is: Can we Okta-fy it?”
Joe Dropkin, Principal Engineer, Priceline
- Simple, secure access to every app that employees need–all in a single pane of glass
- Flexibility for HR and IT to each control user profile information that resides with their teams
- Automated provisioning and deprovisioning drastically improve efficiency and reduce cost, while improving security by eliminating the likelihood of orphaned accounts
- Enhanced collaboration by adding Okta as the identity service to homegrown applications and using Okta as the central control point when collaborating across sister companies
Securely enabling cloud collaboration
Priceline, part of Booking Holdings Inc., is a global online travel company that offers travelers around the world exclusive discounts on hotels, flights, rental cars, cruises, and vacation packages. To support the goals of providing world-class travel deals and world-class customer service, Priceline’s IT team focuses on enabling easy, efficient collaboration for its global workforce, and providing secure, reliable access to the tools they need to do their jobs.
In its search for a modern identity solution, Priceline was looking to:
- Move to cloud applications for their workforce, including a shift from Microsoft Exchange to G-Suite
- Enhance security, by integrating its existing security policies and improving them where possible
- Automate onboarding and offboarding so that access is instantly provided and revoked when necessary, without burdening IT or HR teams
- Provide a streamlined, secure environment where its global workforce could access SaaS apps and other enterprise resources
“We knew we didn’t want to have varied ways of authenticating to SaaS applications—we wanted to have centralized control and be able to manage our security policies and user identities in one place,” said Joe Dropkin, Principal Engineer for Priceline.com.
To get all this done, Priceline needed a modern identity-management solution that could meet business requirements around centralizing control over user identities and security policies. Priceline’s approach to technology has always been to go with best-of-breed solutions—as Dropkin puts it, “If you're not happy with the software that you're using, then you're using the wrong software.” Those requirements led Priceline to Okta.
Finding a flexible, identity-centric solution
Priceline uses Okta as its central “source of truth” for workforce identity. The flexibility of Okta enables Priceline to use both Active Directory and Workday for user profile attributes, and to control which user attributes come from which application. Active Directory provides account information (usernames and passwords), while Workday provides people information like phone numbers, job titles, manager names and role changes.
This information can then flow seamlessly to all their Okta-connected applications, such as Slack, Gmail, and Zoom, as well as on-premises applications. With attribute-level mastering, IT controls account details, and HR controls people details. Each group is empowered to control the data they are responsible for, and Okta supports this flexibility.
“Okta’s flexibility allows us to have both Workday and Active Directory as masters. We’re able to bring in the username and password that a user needs to authenticate from Active Directory, which is managed by IT, and everything else comes from Workday, which is managed by HR. The benefit of having both Workday and Active Directory mastering Okta is that you have one set of data that everyone can rely on. Everything is kept up to date, and everyone is happy,” said Dropkin.
Connecting everything with Okta
According to Dropkin, Priceline’s experience with the integrations in Okta’s App Catalog has been so positive it has become a driver for new software decisions. “Now we look at everything we’re going to purchase and ask ‘Does it integrate with Okta? Is it part of the Okta Integration Network?’” says Dropkin.
“If so, we know that vendor has taken the time to work with Okta for easy integration, and it’s going to help us with lifecycle management, which is going to help keep our costs down. That's a big win.”
On the developer side, Priceline develops many applications in-house, and with Okta for identity and access management, developers can now go to developer.okta.com, choose their coding language, and find the few lines of code they need to add secure authentication to their homegrown apps. Priceline can even award administrative privileges to developers for each app individually, allowing the developer to go in and change the URL, assign users to it, and do whatever else they need to manage authentication to their app, without having to learn Okta or worry that they’ll “break” something in Okta. “You can have as many environments as you want, change what you want, it doesn't matter,” Dropkin said. “It’s really great that you can grant that type of granularity of administration to your developers, and empower them to create their own applications in your ecosystem.”
Powerful user data, enhanced automation
Priceline’s employees across the board can now take advantage of the simplicity of Okta Single Sign-On (SSO). They don’t need to remember multiple logins, or whether what they’re looking for is on-premises or in the cloud; they just get secure, easy access to all the apps and data they need. “Users get a single pane of glass,” says Dropkin. “They know that if they want to get something, they go to Okta–it’s that easy.”
Deploying Okta for authentication, and integrating as many of its applications as possible into Okta, has contributed to a deeper understanding of employee app usage across Priceline. This helps IT make sure the apps they’re supporting are those that their users need and are happy with, and allows the enterprise to keep better track of licenses. With Okta as a central access point for SaaS apps, Priceline is able to get a true sense of who is using which applications. Not only does this help Priceline’s IT team understand the number of licenses needed for a particular app, it also helps them understand what license types are needed.
With Workday and Active Directory mastered into Okta, IT can easily deprovision users centrally, rather than having to individually deprovision the former employee from all their applications. “Okta makes it possible for us to shut off user access with a single click,” says Dropkin. “We can disable users and know that their accounts are deactivated, and that they no longer have access to all the applications that we provisioned for them.” After each deactivation, Priceline can then easily recycle licenses from deprovisioned users.
In addition, more and more of Priceline’s application teams are seeing the advantages of what Dropkin calls “Okta-fying” their apps, and are leveraging Okta for authentication. Priceline’s customer service IT team, for example, has moved to SAML-based authentication in Okta to deploy a more secure product faster by leveraging Okta as the user store, and not having to worry about maintaining users and roles and authorizations within their own applications.
When the need arises for Priceline to share an app with one of its affiliate brands within the parent company Booking Holdings, Priceline first provides the affiliate with the Okta Active Directory Agent to install in their environment, which lets them define a group of appropriate staff to provide access. Then, Okta and the Okta AD agent sync up, and presto: an application that was previously only a Priceline app is up and running at the sister company, and authorized groups and individuals at both companies can collaborate on projects within the app.
Dropkin adds, “This was another big success we had with Okta. We were able to use Okta’s ubiquitous support for Open LDAP, Active Directory, and Universal Directory, allow admins to control their own users, and enable access to a joint application–without having to worry about Active Directory trusts, firewall rules, or proxies.”
Looking forward with Okta
For Priceline, making Okta a central component of its IT environment has been key to keeping employees and enterprise assets secure, providing users the tools they need to be productive, and freeing IT from repetitive tasks so they can focus on improving the user experience. Since integrating Okta as the identity solution and providing self-service password resets, Priceline has seen a reduction of calls to IT and employee downtime.
Moving forward, Priceline plans to incorporate Okta’s Threat Insight capabilities to gain deeper, actionable understanding at the device level around where its users—and threats—are coming from. “Getting that insight into endpoints is going to be a big help for us,” says Dropkin. “We are moving towards a zero-trust environment. We don't trust but we do verify, because at the end of the day our data is being accessed by devices, and we need to know that those devices are not malicious, and belong to our legitimate users.”
Bolstered by the wins to date, Priceline continues to actively look for ways to further integrate Okta across the enterprise. “I feel that my relationship with Okta is a partnership,” says Dropkin. “Okta is always happy to talk about new features and new technologies, and it's not about ‘what can we sell you,’ it’s about ‘how can we better your organization.’ Overall, my experience with Okta has been 100% positive.”
Priceline is one of the leading online travel agencies in the country, servicing customers with car rentals, hotels, air fares, cruises, vacation packages, and anything to help them get where they want to go and enjoy life's greatest moments.