The world’s first online payment system was launched and tested more than 30 years ago. In the decades since, banking standards have evolved and institutions require new infrastructure for money movement to keep up. The team at Modern Treasury recognized that building and managing bespoke payments infrastructure takes too long and costs too much, so they set out to provide a solution that helps money move at the speed of the internet.
Today, that mission is supported by nearly 200 employees and more than 140 cloud-based applications. The company’s workplace technology team operates within its people team and is responsible for supporting both the people and applications. “We’re an internal team, but we still have to really understand our customers,” says Mark Jeffries, workplace technology manager. “Our mission is to make sure everyone can do the work they were hired to do instead of wasting time futzing with their technology.”
Modern Treasury started its journey as an Okta customer to ensure the workplace technology team could make good on that mission with a unified identity security fabric. “Our CTO had the foresight and vision to treat identity management as a first-tier problem,” Jeffries adds. “Many startups don’t prioritize identity early and have to revisit the discussion. If you go with Okta, you never have to have that discussion again.”
Building an identity infrastructure that grows with the company
Having worked with Okta at other organizations, Jeffries also knew what he and his team wanted from the platform and how to work with Okta to make it possible. “If you aren’t managing the identity of people using your applications, that footprint gets out of hand,” he says. “If 20 people buy their own licenses to an app, it becomes a management headache to track them down, and it can cost you a lot of money. We need to be able to monitor and approve as they go.”
This is especially important for Modern Treasury as a company in fintech. Even though the organization doesn’t directly handle funds, they’re still responsible for highly regulated datasets and provide solutions for customers who do manage money. With Okta, the team knows they can reliably monitor and audit its access controls to retain compliance. “With Okta, we know if there is anything wrong, all of our rules, access controls, and information are in one place, so it’s easy to pinpoint and fix,” Jeffries adds. “Having an identity partner that centralizes our management and will continue to evolve with us dramatically simplifies the insanity of manual management.”
The journey from “simplified” to “fully automated” identity
A cornerstone of Modern Treasury’s identity strategy was limiting identity sprawl from the start. By keeping the workplace technology team within the people team, the company ensured that identity and people management work in lockstep. While its HR platform continues to be the source of truth for people, it pushes employment status and other valuable data points into Okta’s Universal Directory to automate substantial amounts of employee onboarding and offboarding journeys with Lifecycle Management.
For onboarding, its HR platform sets new accounts in a “staged” status. On the employee’s first day, all the workplace technology team does is activate the account. From there, the new user is automatically invited to Okta, asked to set up a Single Sign-On (SSO) password that’s shared between Okta and its device management solution, Iru (formerly known as Kandji), and the user can start working. “New employees have access to any SCIM-enabled apps as soon as they login because we can assign them based on Okta groups,” Jeffries says. “It makes our lives so much easier to know that when they log in for the first time, everything's there, and they can get to work.” With this secure, automated, and frictionless process in place, Modern Treasury establishes trust starting at account creation and creates a verified identity as the foundation for every employee’s activity.
Ad hoc access requests are also automated after a simple Slack message. The team has set up a “one-stop shop” Slack channel that users can request access through. That message creates a Jira ticket, so the team always has a clear audit trail for any request, the app’s administrator receives a request message, and once they approve, the user is notified via Slack that the app is now in their Okta dashboard. “Being able to point our internal ‘customers’ to Okta or Slack means we can focus our time on growth instead of tinkering with every app that comes through the door,” Jeffries says.
Offboarding has also gradually been automated over time. Where the team once had to manually deactivate app access after a termination date, they now automate more than 75% of the offboarding experience. After HR flips a switch, Okta immediately suspends access to Google Workspace, deactivates any SCIM-enabled apps, and triggers downstream removal and deactivation of every cloud-based app the person had access to via Okta. “In previous roles at other orgs, we had what I call ‘password parties’ when someone was offboarded,” says Jeffries. “A team had to hunt down all of its passwords, and it could take days. Now, with Okta, offboarding takes less than an hour, and it’s mostly automated.”
Improving security and saving costs with continuous insight and control
While governance is typically a compliance-driven activity, Modern Treasury chose to expand its Okta footprint with Okta Identity Governance (OIG) to get ahead of access risk. For a team managing highly regulated datasets, continuous visibility into who has access to what isn't a compliance exercise, it's a security control. “Okta Identity Governance was fairly simple to set up, and now we can just hit a button, run our campaigns, and periodically check our dashboard,” Jeffries shares. “We don’t have to disrupt our end users’ days to collect the data we need, it just runs in the background.” They’ve also integrated Okta with their primary compliance tool, Vanta, via the Okta Integration Network (OIN). Now, the compliance team can review valuable Okta data without having to leave its own workflows.
The team has since been able to use the insights available in OIG to adjust license distributions and help Modern Treasury save on massive licensing costs. “We conducted a license review to shift our Zoom license distribution, and OIG helped us identify everyone from our high-traffic Zoom users to our most casual,” Jeffries says. “Having access to that data at our fingertips means we could give leadership a confident answer instead of an educated guess.”
Developing a proactive approach to security with intuitive tools and greater automation
Combining the data available in OIG with Okta’s out-of-the-box reporting gives Jeffries and his team the information they need to strategize about the future of identity at Modern Treasury. “It can be easy to push proactive solutions down the road when you’re focused on the day-to-day operations,” Jeffries shares. “But Okta reminds me of new features and opportunities, and they continue to get cleaner, easier, and more robust, which makes it easy to choose what to do next.”
The company’s next step in streamlining and strengthening identity security is introducing FastPass for phishing-resistant, passwordless authentication. “FastPass is a tool that’s designed for a world where we assume everything's compromised,” Jeffries shares. “The less friction we have around security tools, the more likely our teams will use them, and that’s where FastPass slots in perfectly.”
Beyond the individual user experience, Modern Treasury is building its strategy for securing AI agents to ensure there’s proper balance between automation and secure access. “I'm excited to see the same consistency I’ve found in Okta’s product suite and the OIN showing up in what we’re exploring with Okta for AI agents,” Jeffries says. “Okta has already proven that it can support our people, and we have to treat our growing number of agents as human-esque. Okta feels like part of our natural path forward for securing AI.”
About Customer
Modern Treasury provides the most trusted infrastructure for payments and brings companies closer to a world where money moves at the speed of the internet. Offering a single API for both fiat and stablecoins, the team helps businesses move and track money faster, easier, and more transparently over their choice of rails.
