클라우드에서 고객과 파트너 및 직원을 위해 IT 환경을 개척하고 있는 Vivint Solar
users accessing applications through Okta
reduction in password reset requests
applications connected to Okta
See More from Vivint Solar :Oktane17 Presentation
- Solar energy moves to the cloud
- On-prem incompatibilities
- Identity in the Cloud
- AD power without the cost
- Unifying customers, partners, and employees
Beginning in 2015, Vivint Solar moves away from a traditional, on-prem IT model and adopts a 100% cloud strategy. As a first step, they begin developing custom sales tools on the Amazon Web Services platform.
IT finds it difficult to deploy and manage cloud apps and infrastructure with its on-premises identity solution. Vivint Solar switches to G Suite and the search begins for a cloud-based identity provider.
Vivint Solar IT chooses Okta, and moves the password store from AD to Universal Directory. Next, they deploy Workday as a master for employee attributes. Okta syncs with Workday and pushes the data out to apps, automating employee onboarding and offboarding.
To support AD-dependent apps, Vivint Solar sets up AWS-hosted AD. With the transition to the cloud, Vivint reports saving hundreds of thousands of dollars in licensing and infrastructure. Okta integration makes it possible.
After Okta purchases Stormpath in 2017, Vivint Solar moves customer and partner Stormpath-supported apps to Okta’s API. The newly unified identity infrastructure helps the company consolidate data and offer customers more value.
100% cloud. 100% Okta. Vivint Solar charts a unified course.
In its move to a 100% cloud strategy, Vivint Solar switched the entire company to G Suite, and began building custom apps on Amazon Web Services. In the process, they found that managing identities through Okta could save them hundreds of thousands of dollars. After Okta purchased Stormpath in 2017, the company went all-in, unifying customers, partners, and employees on Okta technology.
Instead of paying $170,000 in Active Directory user CALs, I’m paying a fraction of the cost in subscriptions for cloud services. Okta makes this huge cost savings possible.
Mike Hincks, Director of IT Infrastructure, Vivint Solar
- $500K+ in IT savings, including a 95% reduction in password reset requests, automated onboarding and offboarding, group membership rules, streamlined compliance preparation, and reduced AD footprint and licensing costs
- $500K+ in productivity savings, including reduced password lockouts, mobile access to applications, eliminated outages, faster application deployment and adoption, and improved Day One access for new employees
- $200K+ in increased security, including improved visibility into application activity, multi-factor authentication, single-sign-on, and automated deprovisioning
A solar energy company takes off
Vivint Solar is a star in the residential solar space. “Growth has been pretty rapid over the past six years,” says CIO and CTO, Mark Trout. “We’re trying to do things that are a benefit to our customers, our company, and the earth in general.”
The company falls into an interesting middle ground. With 4,500 employees, it’s not exactly a startup, but also doesn’t face many of the inherent restrictions that enterprises face. In the beginning, according to Mike Hincks, director of IT infrastructure, the company relied on traditional, on-prem data centers and systems. But in 2015 Vivint Solar leaders shifted mentalities and decided to run their business a little differently.
To meet the sales team’s increasing demands for dependable, mobile technology, the IT team looked to the cloud. Company leadership recognized the benefits, as well. “Something changes in our industry every day,” says Trout, “whether that’s a new state regulation, a new federal tariff, or an opportunity for customers to change their technologies. That means we have to add new capabilities constantly, develop custom solutions quicker, and configure SaaS offerings faster. The cloud plays into all of that.”
Trout saw increasing opportunities to integrate partner technologies, external customer services, and a growing number of smart devices: thermostats, batteries, and solar panels, to start with. Keeping up would require agility, nimble API connectivity, and an ability to take advantage of best-of-breed software.
From traditional to cloud-first IT
It didn’t take long for Vivint Solar IT to begin developing cloud-based tools for the sales team on Amazon Web Services (AWS). However, according to Hincks,on-prem identity, offered little support for integrating with these tools. It was also difficult to integrate third-party solutions with Microsoft Active Directory (AD).
In early 2015, Vivint Solar took the plunge, according to Hincks, and moved all Vivint Solar employees to G Suite. It was a bold move, but one that fed the collaboration flame within Vivint Solar, says Hincks. G Suite was built for the cloud, with collaboration at its core. It enabled people across regional offices and multiple time zones to work together more effectively.
The die was cast. As the company unloaded more on-prem infrastructure and maintenance responsibilities, it realized enormous cost savings. IT staff also became free to focus on core business initiatives, rather than on keeping email up and running.
The next question, with more applications moving to the cloud, was how to manage and secure employee identity and access. Vivint Solar’s workforce leans heavily mobile, with door-to-door sales people and rooftop installation and maintenance teams comprising a majority of the Vivint Solar workforce.
“About 80% of our employees don’t even have a laptop,” says Trout. “They’re 100% on either a tablet or mobile phone. Making sure they have the right profile and the right access to the tools they need is critical for us. We also deal with customer information, so having a secure model is something we test and evaluate and strive to achieve at all times.”
Because of their experience with on-prem identity, Hincks knew right away that his team needed to take identity to the cloud. “It was just a matter of comparing the cloud providers at the time,” he says. Before choosing Okta, they considered Ping, and Google’s identity and access management solution. The Google solution seemed too new and untested, and Ping had just gone through some major outages. Okta rose to the top because of its leadership in the industry and its proven reliability.
The security benefits of Okta and its partnerships with companies like Google and AWS quickly became obvious as well. “We’re not able to spend the R&D that these companies are on securing data, on adaptive MFA, on ensuring that we’re protected,” says Hincks. “That puts us at ease.”
A provisioning workflow that works
Today, rather than trying to tie their cloud strategy into an on-prem identity model, Hincks says Vivint Solar has successfully deployed Okta and integrated it into a cloud strategy that works for them. Okta has effectively replaced Active Directory as Vivint Solar’s password store, and according to Hincks, the process was remarkably simple. First, IT set everyone up in Universal Directory with Single Sign-On for all applications. Then, they retired the on-prem identity solution and put Workday in place as the system of record for all user attributes.
Okta works hand-in-hand with Workday to maintain user attributes and user access across all the technology in Vivint Solar’s toolbox, from Google Cloud, to Salesforce, to ServiceNow. “We have real-time sync set up,” says Hincks. “Any time you need an attribute change, we can do it in Workday and it real-time syncs down into Okta, which pushes it out to all our systems.”
The company has set up Okta Lifecycle Management’s dynamic groups with group membership rules, provisioned from Workday—“a lifesaver,” says Hincks, when it comes to setting up roles, rights, and profiles. For example, the tight integration with Google streamlines provisioning and allows new employees to be productive faster. They get automatic access to their Gmail, calendar, and collaboration tools on Day One, whether they are based in Los Angeles or New York.
When it comes time for someone to leave the company, the Okta-Workday integration greatly simplifies the process of deprovisioning access across company applications. “That element has really been our largest time savings, in terms of identity management and authorization,” says Trout. “As you can imagine in a direct sales model, we have a fair number of sales reps who go in and out of the company relatively quickly.”
For the IT team, the transition to using Workday as a Master has been supremely stress-free. Hincks appreciates the way they could gradually minimize their provisioning effort in AD, switching from AD-mastered users to Workday-mastered users as part of their strategy. “Okta plugs into what you have and then you can replace it over time,” he says. Okta’s deep integration with AD gives Vivint Solar the power of Microsoft Active Directory without any user administration. “Okta takes care of that for us,” says Hincks.
The value of giving up on-prem identity
When you take everything into account—the cost of lost opportunities because of slow integrations, securing and patching on-prem infrastructure, and outages—Hincks estimates that Okta is three times less expensive than its previous on-prem identity solution.
He says moving to the cloud has provided IT savings worth $500k, which includes $170K in traditional on-prem licensing and $100K annually in infrastructure costs. And it’s not just the IT savings. Vivint Solar has also noted $500k in productivity savings and $200k in security savings. When you’re a company that’s growing quickly, those dollars count.
In addition, the company has dramatically reduced the manual tasks previously delegated to IT staff, with a 95% reduction in password reset requests, complete automation of new Universal Directory accounts and offboarding requests, and a streamlined process for audit preparation. All of this allows IT to focus on strategic problems and support the global growth of Vivint Solar.
Unifying customers, partners, and employees
As Vivint Solar grows, its software integrations grow with it—for external partners and customers as much as for internal employees. “We’re largely a solution integrator for home energy management,” says Trout. “We partner with leading product manufacturers to bring their solutions together in a way that makes sense for our customers.”
To manage those partner offerings and to provide ways for customers to access the data they generate, Vivint Solar developers built an authentication platform to manage partner and customer identities. Originally, that platform ran on the Stormpath API.
When Okta purchased Stormpath in March of 2017, Vivint Solar chose Okta once again, and moved everything over to the Okta API. The result was a completely unified identity infrastructure across employee, partner, and customer applications.
In the transition, the Vivint Solar team used the Okta models they had developed during the on-prem identity migration and applied them to applications under the Stormpath identity management scheme. “We’ve built some standard templates across the board,” says Trout. “Everybody’s used to Okta, so that whole transition was very smooth for us.”
Consolidating data—and making it useful
Today, Vivint Solar customers authenticate through Okta to access information about their solar production, their energy consumption, and their account. “That integration with Okta has been very helpful for us,” says Trout. “Right now, we’re seeing a massive increase in the amount of technology that’s going out to customers.”
“Customers are expecting more, in terms of software,” he says. “We’re developing more tools for home energy management. And all those things are important for profile and identity management. As we look at where we’re going, we see more partners, more partner systems, tools, and integrations—all in support of customer demands.”
Those demands increasingly lean in the direction of smart, connected devices, which also must be identified, secured, and managed. “Large amounts of data are coming out of our customers’ homes,” says Trout. “We’re trying to provide that back in a way that’s useful, so that they can control and have insight into their home, into their usage, and into the savings potential that they have.”
Okta is our foundation for identity management, and we use it not only for customers accessing their data, but to transfer data between partner companies.
“Okta is our foundation for identity management, and we use it not only for customers accessing their data, but to transfer data between partner companies, so we have a consolidated view of the data from the different technologies, whether it be batteries, thermostats, or the solar panels themselves,” says Trout. “Bringing all that data together is really critical for us and for our customers. We do that and then exchange all of that using Okta authentication.”
In the process, Vivint Solar is following its vision of running IT 100% in the cloud. Within a dynamic industry that changes every day, the company remains agile, scalable, and able to respond quickly to every weather pattern on its radar—whether it be political, technological, or regulation-oriented.
About Vivint Solar
Vivint Solar is a leading provider of distributed solar energy—electricity generated by a solar energy system installed at a customer's location—to residential customers in the United States. The company finances, designs, installs, monitors, and maintains solar energy systems for its customers, so they pay little to no money upfront. Over the 20-year term of their contracts, customers receive significant savings relative to utility-generated electricity, and benefit from guaranteed energy prices.