In today’s high-touch digital world, it’s harder than ever for brands to engage with consumers. HubSpot is embracing these evolving consumer behaviors and providing insights to help companies deliver world-class customer experiences. Around the globe, more than 8,800 HubSpot employees work to help businesses connect and grow better with an agentic customer platform built for teams across marketing, sales, service, and operations.
Behind the scenes, a small and nimble team uses Okta to manage identity security for the entire organization. “If we didn’t have something as easy and smooth as Okta, it would take a team that was at least five times as big,” says Andrew Meinert, director of system operations.
“Everyone is trying to find ways to secure against smarter, adaptive cyberattacks,” Meinert adds. “Okta’s strong identity and device controls and data insights help us keep ahead of those threats, so we don’t have to worry.”
A trusted identity partner since 2012
Before Okta, Active Directory was HubSpot’s primary user database. But with its basis in on-premises apps, manual provisioning, and limited security, they needed a modern, cloud-based option to properly scale. At the time, HubSpot was a hyper-growth startup, adding 30-50 employees every month, which made onboarding a cumbersome task for a company without a formal identity and access management (IAM) solution in place.
It was time to implement a full-fledged solution that could grow with HubSpot’s evolving directory and IAM requirements. The team implemented Okta in 2012 and remain early adopters, enthusiastic beta testers, and strong partners. “HubSpot has had a strong relationship with Okta for more than 14 years,” Meinert says. “It’s been a long journey together, and it’s helped us harden our infrastructure to the point that we don’t have to worry about a lot of it.”
HubSpot’s direct connection with Okta staff is a huge advantage that saves time and helps Meinert’s team accelerate operational efficiency. “I’ve seen functionality grow and evolve, and one of the consistent high points is the partnership we have with the product and engineering teams inside Okta,” he says. “ We walk together through everything from wireframes to fully realized products, and it elevates our partnership in ways you don’t see with many vendors.”
This is in large part due to the support from HubSpot’s Customer Success Manager within Okta. “A real advocate and fantastic resource, they’re extremely responsive and efficient,” Meinert says. “They’re instrumental in connecting us with the Okta engineering team to expedite the iterations we’ve achieved related to devices and access.”
Meeting evolving challenges by future-proofing security
A rise in social engineering and phishing attacks that bypass traditional, two-factor authentication (2FA) posed a new threat to HubSpot’s security team, and they knew those attacks would only continue to evolve. To get ahead of threat actors, they accelerated plans to upgrade to Okta Identity Engine (OIE). This change meant the team could introduce phishing-resistant, passwordless authentication via FastPass and Adaptive Multi-Factor Authentication (AMFA). “We are passwordless by default,” says Meinert. “If someone wants to adopt any new software, it has to connect to Okta.”
This upgrade also improved HubSpot’s device posture assessment by introducing Device Assurance policies to meet many of the needs traditionally provided by a mobile device management (MDM) solution. With this device context, including signals such as security scores on managed devices, Meinert and his team are able to further strengthen their security posture. “Good security is not just about locking everything down, it’s also low friction and easy to use,” he says. “Okta gives us the flexibility to add more friction where we need it while maintaining a simple, easy experience everywhere else.”
Following this success, HubSpot set out to secure all of their devices through simpler, more intuitive security controls. "We were decommissioning another tool that kept passwords in sync, but we wanted Okta Device Access for a more native password sync experience and better reliability, “ Meinert shares. “Having one fewer password for folks to remember has reduced account lockouts."
By taking a risk-based approach to access and securing nearly all of HubSpot’s apps behind company-owned hardware, the team can trust that they’re protected. “Our aim is to secure HubSpotters' sessions while keeping friction to a minimum. Device-Bound SSO enables us to reduce prompts without compromising security”, says Meinert.
Reducing provisioning request tickets by 80%
Especially in rapidly growing organizations like HubSpot, manually provisioning accounts is tedious and time-consuming. To automate and manage the entire lifecycle as users join, change roles, or leave HubSpot, Meinert’s team uses Okta’s Lifecycle Management, which conveniently integrates with AD.
“We take advantage of every app with a SCIM integration to enable end-to-end lifecycle management,” Meinert says. The team assigns applications at the employee-type level for interns, contractors, and employees, and membership to those groups is automated from their HRS system and other integrations to simplify onboarding. New employees can now request certain applications and have access the next time they sign into Okta. A single integration with a core workflow automation solution has reduced the team’s end-to-end help desk access provisioning request tickets by at least 80%.
On the opposite end of the life cycle, Okta gives HubSpot IT peace of mind. “We know that when Okta offboards a user, their access to Google Workspace, Slack, and any other app is terminated, which eliminates lingering risks,” Meinert says. “That level of automation makes everybody’s lives easier and means my team can support the needs of a scaling business without requiring additional headcount.”
A partnership that drives innovation
In addition to scaling specific processes, HubSpot deeply values the strategic value that comes from partnering with fellow industry leaders. “Being able to toggle new features on ourselves is so helpful,” says Meinert. “We can go from seeing and testing a new feature to deploying it at our own pace, and it’s sometimes hard to keep pace with Okta’s rate of change — which is a great problem to have.”
As the industry evolves into a new era of agentic AI, HubSpot is grateful they can trust Okta’s vision aligns with theirs. “Okta's early approach to agent identity and authorization, where the IDP mediates authentication and level of access, is the right one,” Meinert says. “As our agents multiply and become more sophisticated, we’re excited to talk to the Okta product team about how we should be thinking about agents and how they’re thinking about them. I feel confident going into uncharted territory together.”
Beyond agents specifically, Meinert also sees new opportunities to connect with Okta to satisfy HubSpot’s teams and deliver a secure user experience. “Okta is deeply committed to building with us as we test and provide feedback,” he shares. “It’s always rewarding when we introduce something like FastPass, that everybody loves and is so excited to use, so we’re looking forward to what we can build together next.”
About HubSpot
HubSpot is an agentic customer platform that helps your business grow better. From a one-person business to a 2,000+ employee enterprise, HubSpot’s agentic customer platform has the marketing, sales, customer service, data management, and content management features you need to build the best experience for your customers.
