Securing and supporting the City of Angels
From the glamor of Hollywood to the dome of the Griffith Observatory, the City of Los Angeles is home to some of the world’s most iconic cultural landmarks and more than 4 million people. Providing the best possible services and support to those residents also requires a team of thousands of public servants. The city’s Information Technology Agency (ITA) manages a vast tech stack to empower those public servants and support residents.
To serve city employees, the ITA works tirelessly to enhance the employee experience and help staff be as efficient as possible without sacrificing security standards. “Every employee uses a minimum of six platforms, and logging in with different usernames and passwords, not only increases security risk but wastes a lot of time,” says Eduardo Magos, Assistant General Manager, City of Los Angeles, Information Technology Agency.
Meanwhile, to serve residents and local businesses, the ITA works to make engaging with city services easy and to build trust between the government and Angelenos, but doing so isn’t easy. Especially as Los Angeles faces an increasing volume of cyberattacks, tackles high expectations for digital experiences, and prepares for the world’s stage with events such as the 2028 Olympics. In this journey, the city recognized that most of its public-facing systems relied on custom-built identity solutions, maintained by small development teams. This led to inconsistent usernames, password policies, and user experiences. To best serve its residents, businesses, staff, and partners, the LA ITA sought to build secure identity solutions with a single identity partner. After a comprehensive search and evaluation process, they selected Okta.
Centralizing employee identity to reduce costs and accelerate work
To unify identity through a single source of truth, the ITA plans to connect their HR platform, Workday, with Okta using an out-of-the-box connector. By importing identities into and managing them in Universal Directory, the team will be able to drive lifecycle flows with Okta Lifecycle Management and automate actions in downstream applications. These automations will simplify provisioning and deprovisioning, ensuring access changes take effect immediately, improving efficiency for employees while minimizing risk. At the same time, centralizing identity with Okta will improve visibility across their tech stack, allowing the ITA to quickly see who has access to what to make informed decisions. “Workday and Okta together will connect our applications so that people get what they need faster, we can remove access quickly, and we’ll have insight into which apps people are using,” Magos says. These insights will gradually inform future-facing decisions about which applications can be retired or whether seats can be removed, allowing funds to be reallocated.
Staff will also benefit, as they’ll be able to access the tools they need more easily to be productive. Using Single Sign-On, the city aims to eliminate the need for staff to manage multiple usernames and passwords, enabling them to work efficiently and effectively in serving the community. Additionally, the city of LA’s Identity Section will secure vital city data with Multi-Factor Authentication (MFA). “As we tighten password rules and add more security checks, we don’t want to frustrate users with constant logins,” Magos says. “With SSO and MFA, we can stay compliant and secure while still making the experience simple.“
The city also plans to add a layer of security with Okta Device Access. “Devices enable our staff to access systems containing personal identifiable information, confidential legal files, and other sensitive data,” says Nima Asgari, division manager. “Keeping that data safe is our top priority.” By integrating device-level identity security into the Okta Platform, the city will ensure that users only access data from approved, compliant devices. Critically, the team will also be able to leverage device data across their identity security fabric, including deploying additional dynamic MFA policies that will enhance security and reduce MFA fatigue.
The Angeleno Account: providing a single identity for access to city services
To help improve experiences and build relationships between the city government and LA residents, the ITA sought to centralize access to city services. The agency partnered with Auth0 to power their Angeleno Account. The Angeleno Account is the key to the city’s vast network of services for city residents and businesses, such as the MyLA311 for city service requests or ePlanLA for building permits. “Our residents and businesses don’t have the same relationship with us that they do with our private sector counterparts,” Magos shares. “They don’t have to interact with us, but if we can add value and build trust through Auth0, we can nurture those relationships and show them how we can help.” Since their first point of interaction with the Angeleno Account is their login page, the team designed a custom, no-code page through Universal Login and Forms to mirror the look and feel of the rest of the Angeleno website experience. This reinforces their brand, establishing a familiar and trustworthy experience for their nearly 500 thousand residents and business users.
Once a user is logged in, the city can use Actions to build additional, optional steps to create a more robust identity. Integrating progressive profiling means users can create an Angeleno Account with just basic login information, but as they use other services, they can enter additional information such as language preferences. The city can use these data points to provide customized experiences and new recommendations over time. Providing these additional details is optional, allowing users to feel in control of their relationship with the city and the information they share. “Most things users can do with the city, they can do anonymously,” Magos adds. “With Auth0 though, they can provide additional information in response to our prompts at their own pace, and we can offer more value as they share with us.”
Accounts are also secured against potential cyber threats with Auth0’s advanced security features. The team is gradually introducing MFA, presenting it as an opt-in option to improve security while minimizing demands on users. Over time, the city plans to implement mandatory MFA for all users and continue to use Actions to offer more advanced authentication workflows soon. “We’ve made MFA available for our Angeleno Account because we see it as the industry best practice,” Asgari says. “Since Auth0 gives us the flexibility to offer step-up authentication when a user takes a sensitive action, this way, we can offer increased security without impeding users.”
With Attack Protection, accounts have additional layers of defense, before, during, and after authentication. “We saw global pinpoint attacks on our accounts from motivated attackers who were circumventing CAPTCHA,” says Asgari. “We were able to easily configure and deploy Auth0’s Bot Detection. Now those same attackers are blocked, and we don’t have to take any action.” Now, rather than spending a few hours per week manually remediating by identifying IP addresses and sending that information to the city security team, the ITA can focus its attention on supporting the rest of their tech stack.
Outsourcing identity development to support city business partnerships
Adopting Auth0 has simplified more than experiences for residents and businesses. With the Angeleno Account, the ITA can share resources with partners to simplify identity development and administration. This means lean development teams, burdened with additional costs and limited expertise, no longer have to create or maintain critical identity features from scratch. By trusting Okta with their identity needs, these teams don’t have to manually manage password-related support tickets or risk identity outages. Instead, they can more wisely allocate government spending by focusing on improving services for the community.
Plus, with Auth0’s flexibility, these teams can implement new identity features quickly and easily with minimal support. “More than half of our applications were fully written in-house in multiple languages,” Magos shares. “Auth0’s great SDKs and native integrations made making changes easy.” Auth0’s clear documentation means the team no longer needs to find developers who are experts in specific programming languages and also have identity expertise. They can simply provide partners with documentation, sample code, and set up new partners to build autonomously.
Preparing Angelenos for the future and the world stage
The city’s collective shift in identity infrastructure is helping LA evolve both globally and locally. The 2026 World Cup, Super Bowl LXI, and the 2028 Olympics are set to take place in the city, and as it prepares for the spotlight, LA is ready to show the world what a modern, technology-minded city looks like. “The eyes of the world will be on us, and that brings with it a lot of excitement but also increased scrutiny around our security,” Asgari says. “We’re planning to implement phishing-resistant factors such as passkeys and biometric login to make things even more secure and easier for our users as we welcome millions of visitors.”
Alongside these growing security measures, the city is seeking new ways to utilize progressive profiling to deliver even greater value to Angelenos. “We're a diverse, multiethnic city with so much going on, but we don't have funding to market,” Magos shares. “Progressive profiling with identity lets people tell us what they’re interested in.” With new user-related information, the city aims to provide opt-in, proactive notifications about various topics, including local events and street sweeper route changes.
By extending their partnership with Okta, the agency can continue to simplify digital services for the community and expand the impact of taxpayer dollars. Throughout and beyond these projects, new residents and businesses will continue to thrive, and with a simple, secure identity, the City of LA is ready to “bring it all together.”
About Customer
The City of Los Angeles is a global hub of culture, entertainment, and innovation. Home to over 4 million people, it offers iconic landmarks, diverse communities, and a vibrant arts scene. The city’s Information Technology Agency develops the IT infrastructure that provides LA’s citizens, businesses, and visitors with the digital services they expect from a global city.
