"Beautiful accounting software"
Online accounting software company, Xero, builds a product that’s secure, easy to use, and (as their tagline proclaims) “beautiful.” As the company prepares for intense growth, IT looks for an identity management solution with those same traits.
Simplified employee access
The team implements Okta Single Sign-On, to simplify access to the large number of cloud applications that Xero employees demand. At first, IT continues with Active Directory as the master, adding and updating employee profile information manually.
Elegant identity management
To automate user provisioning, Xero IT shifts profile mastering away from AD. Now, HR enters that data into Workday, where it flows into Okta Universal Directory, which pushes it out to applications automatically, with the correct configurations.
Partnership for secure simplicity
Xero adds Okta Verify to its repertoire, for another layer of security while keeping access beautiful and simple. As the company grows, Okta’s Customer Success team helps IT stay abreast of data compliance requirements.
Focusing on "the good stuff"
Today, a 28-member IT team supports 2,000+ employees around the world. Okta is central to their cloud strategy, helping IT stay focused on providing the tools Xero employees need to keep making beautiful software.
We want to go 100% cloud, and we see Okta as being vital to that. It’s the center of where we will manage all of our apps.Dan Bowden, Infrastructure Engineer, Xero
Beautiful accounting software
Xero is a New Zealand-based online accounting software company, built in the cloud. The company’s tagline is “Beautiful accounting software,” and they pride themselves on a product that is easy, even enjoyable, to use.
It’s a standard that the internal IT team holds to, as well. Clunky, manual IT processes are anathema to the Xero way. The team takes pride in partnering with the business to provide innovative, responsive tools that help Xero employees take pleasure in their work.
“We don’t want to be the ugly duckling,” says Andrew Jessett, Xero’s general manager of internal IT. “I’d rate our internal customers as fairly tech-savvy, fairly demanding, in the way that they want the best. They don’t take second best, which is great. It drives us forward.”
Of course, the IT team is also charged with making sure company security remains rock-solid. Meeting both those challenges involves establishing consistent identity management throughout the organization. They began working with Okta early in Xero’s development, before the company had reached hyper-growth stage.
Not-so-beautiful application provisioning
“Before Okta, we were a much smaller company, and we needed to scale” says Jessett. “There were a lot of sporadically-based, disparate systems, all with their own log-on.”
Xero infrastructure engineer Dan Bowden remembers some guessing, when it came to provisioning new users. “We set up new users by adding them to Active Directory,” he says. “We’d find an existing user who might have a similar job title, and guess what groups we should put the new user in, and try to give them the right access to the right applications.”
The company’s cloud-focused, innovative workforce was constantly on the lookout for new applications, so the number of cloud apps grew quickly. To scale as an organization, the small IT team had to get a handle on application provisioning.
In their search for the perfect identity management platform, the team focused on security and ease of use, certainly—but they also, quite literally, wanted something beautiful. “As silly as it sounds, it needed to look good, feel good, and feel sort of leading-edge,” says Jessett. It also needed to meet requirements for Microsoft Active Directory (AD) integration.
Early adopters of elegant identity management
After a brief assessment of the market, the Okta choice was clear. “We were early adopters. There weren’t too many products like Okta at the time,” says Jessett.
The team implemented Okta Single Sign-On and ever since, “the Okta portal is the place Xero employees go to start their day,” says Jessett. Today, the company has more than 120 applications integrated with Okta. Where before it took IT about two days to deploy a new app, they can do it now in less than two hours--sometimes in as little as 30 minutes.
With such a large number of apps, things can get confusing. Having a single place where people can see what’s available, and be able to access it all without remembering separate passwords—that’s huge. It’s also saved them about NZ$10,000 in annual hosting fees, because they were able to retire Microsoft Active Directory Federation Services and DirSync.
IT staff initially used AD as their master for employee profile information, adding and updating data manually. Okta’s tight integration with AD meant that, as they adopted more cloud applications and moved away from on-prem, AD-reliant ones, they could shift profile mastering away from AD, as well. In the past few years, they began using Workday as a master instead, storing information within Okta Universal Directory and using Lifecycle Management to automate provisioning processes. “Now that we provision from Workday into Okta, user creation is automatic,” says Bowden.
As HR staff enter employee information into Workday, the data flows into Universal Directory, which pushes it out to applications, such as Slack, Google Apps, Office 365, and Salesforce. Users are placed into location and distribution groups within Workday, and that information triggers automatic provisioning to the apps they need, with the correct configurations.
“Okta makes all the configuration changes in the apps for us, which is amazing,” says Bowden. “It stops us logging into 15 different systems to make changes. We just make it once, and it pushes through to all these different applications.”
Okta stops us from logging into 15 different systems to make changes. We just make it once, and it pushes through to all these different applications.
The move to Workday involved a big shift for Xero IT—from managing and controlling employee information themselves, to handing that responsibility over to the HR team. “It was good that we have a really good relationship with them,” says Bowden.
Today, with both teams committed to the goal of elegant, super-efficient identity management, 95% of onboarding and offboarding processes are automated, says Jessett. Xero has fully automated 90% of Day One applications.
“It’s one of the key deliverables for our team,” he says. “Sometimes, we had 14 or 15 new starters on one day, and they had to have the best experience. They needed to be up and running from Day One. Okta and our automation processes have been key in that, as well as our amazing team.
A partnership for secure simplicity
The Xero team also uses Adaptive Multi-Factor Authentication (aMFA), which adds another layer of security, while keeping access beautiful and simple. With Okta Verify, employees “get a message on their phone, they press and approve,” says Jessett. When users are in the office, they get fewer multi-factor prompts than if they’re off-site or logging in from a new system. “They think it’s great,” he says.
From the IT side, aMFA is just as beautiful. “You tick a box in Okta and it’s done,” says Bowden. “Okta is our first step for security.” With a single login for every application, users don’t have to remember more than one password. With automated lifecycle management, it’s a simple process to remove access when employees leave the company. All of that adds up to secure and efficient identity management for Xero.
As the company grows, financial sector compliance requirements grow, as well, but “it’s never been an issue for us,” says Jessett. He gives Okta’s Customer Success team much of the credit for that. “Okta’s always been on the forefront of that compliance process,” he says. “They’re our trusted advisers in that space.”
Okta Customer Success has been with us every step of the way on our Xero journey, right from the beginning to today.
“Okta Customer Success has been with us every step of the way on our Xero journey, right from the beginning to today,” says Jessett. “We’ve worked very closely, and they’ve helped us with the growth challenges we’ve had. It’s been more of a partnership or consultancy, rather than a, ‘Man, we’ve just hit this big problem, you’ve got to bail us out!’ relationship.”
IT that can focus on “the good stuff”
“If you look at the Xero story,” says Jessett, “we’ve had hypergrowth. If we didn’t grow as an organization, we would have failed. Okta’s been crucial in that. If we didn’t have centralized identity at the beginning, there’s no way we could have grown at the rate we have.”
“Now, when we’re thinking about a new app or anything, we go through a range of different questions. One of the very first things we ask is, is it SAML-enabled, and is it in Okta?” says Bowden. “We just do a quick search in Okta and if the app’s already in there and verified by Okta, then that ticks all the first boxes for us. If it’s not in there and it doesn’t support SAML, it’s basically a no.”
“Our goal is to get everything into the cloud, and it would be great not to rely on AD anymore,” he says. “Okta has just made our lives so much easier. Every month when they release new features, we use them and we think, ‘Oh wow, it’s even better. It’s even better.’ There are so many things in there that make our lives easier.”
Today, the 28-member IT organization supports more than 2,000 users in New Zealand, Australia, and around the globe. That’s about a 500% growth in the company, since they deployed Okta. Without that partnership, “we would not have been able to scale fast enough,” says Jessett.
“We’re a very lean team,” he says. “Okta’s core to that. I think differently, in terms of what our people do day to day. They focus more on the good stuff.”
Xero IT can stay focused on creating beautiful accounting software, in other words--which is the main factor driving that incredible growth.
Xero is beautiful, easy-to-use online accounting software for small businesses and their advisors. The company has more than one million subscribers in more than 180 countries, and seamlessly integrates with more than 600 apps. It was ranked No. 1 by Forbes as the World's Most Innovative Growth Company for two years running, won Technology Provider of the Year at the 2017 British Small Business Awards, and was rated by Canstar Blue as Australia’s best accounting software for three consecutive years, from 2015 to 2017.