Microsoft Office 365 is the most popular application used by Okta’s customers. This eGuide starts with data from the Okta Integration Network on the trends we are seeing around Office 365 and some interesting insights. It moves on to describe some of Okta’s unique value additions that result in simple, speedy deployments of O365 and other cloud applications. Finally, there is a discussion on how to leverage the identity architecture to get the lowest total cost of ownership and the agility to modernize IT.
Office 365 Adoption Accelerating Through the Roof
We’ve noticed something quite extraordinary happening in the Okta Integration Network: Office 365 is the #1 (top) app that Okta customers integrate. Because Office 365 includes email, collaboration, calendar and more, organizations that use it commonly roll it out to all of their users, who use it nearly every single day.
Okta consistently sees growth across the board in cloud apps, as more enterprises join Okta and adopt the cloud. Office 365 adoption has grown at a faster rate than other apps amongst Okta’s customers. Office 365 use surpassed Salesforce.com in 2015 and the gap has widened.
Who’s Going to Office 365?
We have found that customers of all sizes and industries, such as Adobe, Toyota Australia, Allergan, and MGM Resorts, are connecting their Okta tenants to Office 365. Our customer data also indicates that industries including banking, food & beverage and manufacturing are very clearly choosing Office 365 over Google Apps. Consulting and law firms, and general technology companies, are more divided, with fairly even adoption. Meanwhile, Google Apps is a clear choice among advertising firms, educational institutions and software companies.
Getting the most out of your cloud apps means getting the most out of the investments you’ve made today, while also having systems in place that can help you stay flexible in the future.
For now, there are some key identity and mobility challenges you will want to think about and plan for prior to and during deployment of Office 365. If you’re not ready, the process of onboarding all users to Office 365 and ensuring the best experience across desktop, web and mobile can become a much bigger challenge than it is for nearly any other application. Single Sign-On (SSO), Provisioning/Directory Sync and Mobility Management present some of the most common hurdles enterprises face as they deploy Office 365.
Single Sign-On that Just Works
Getting your users to make the most out of Office 365 means making it easy for them to access all O365 services and clients. The sheer volume of Office 365 clients can be overwhelming compared with other applications. On a PC, you have the desktop versions of Word, Excel, PowerPoint, Outlook, Skype for Business, OneDrive for Business, Teams, etc. You also have the web app versions of Word, Excel, PowerPoint, Outlook, OneDrive, etc. You also have the Office 365 suite available on macOS.
And finally, you’ve got Microsoft’s web and native app clients for mobile, spanning iOS, Android and Windows Phone—and the native email, calendar and contacts apps on those platforms. A full Office 365 deployment on the server side also moves Exchange, SharePoint and Lync to Microsoft’s SaaS versions (Exchange Online, SharePoint Online and Lync Online). The web app clients mentioned above are built into these cloud services.
The fun part comes in ensuring users can easily get in and out of all Office 365 services with minimal hurdles from any device, on any client, any location, any time. If employees need to constantly re-enter passwords, they will quickly give up and go back to doing things the old way—or turn to tools not managed by the IT department.
Synchronizing passwords to the cloud may seem like a lightweight option compared to federation. In reality, you’ll pay the cost in the long run with more helpdesk tickets and user dissatisfaction when things get out of sync or if there isn’t a good, high-availability architecture in place. Plus, users still have to re-enter their passwords in the cloud, which is hardly ideal.
True SSO that authenticates a user seamlessly to a single source of truth for the user’s password (likely in AD) creates a superior user experience. The massive side benefit is that it’s also more secure. You have one place to secure credentials, and you have one place to disable users, instantly shutting off their access. Desktop SSO is also critical for increasing usage of web apps, so users don’t have to re-enter credentials if they close their browser and open it back up again.
Provisioning & Directory Sync in an Ideal World
Next, you need to securely and efficiently provision user accounts. For example, when a new employee joins, you need to be able to add them to Active Directory with the same process you’ve been using, and instantly have their account provisioned in Office 365, so they’re able to get up and working immediately. Once again, things get more complex with Office 365 in particular. A user’s Office 365 profile likely has more attributes than any other app, except probably the HR system. It starts with simple things like having office address and phone numbers in sync with AD or HR to maintain a Global Address List (GAL) with rich attributes. It gets even more complex if you are running Office 365 in Hybrid Exchange mode. Then, you’ll need to keep calendar resources and free/busy times in sync as well. In addition, because there are so many license types and services within Office 365, you also need to assign the right license to a user, and the right Office 365 services. Many common approaches for this rely on manual effort or involve writing some PowerShell scripts. Ideally, you want this to be automated as well.
When an employee leaves, you also need to be able to use your existing process for disabling their account in AD, with that user being immediately shut out of Office 365. Sure, this too can be done manually, but to gain the most efficiency from Office 365, it’s essential to automate and integrate this as completely as possible to your on-premises directory. You want, and need, these processes to operate as closely to “real time” as possible.
If your organization is entirely cloud-based without an on-premises directory, you may have multiple sources of truth for employee identities today. The process of rolling out Office 365 is an opportunity to evaluate which platform to use as your sole identity platform and create a single source of truth. While you’re choosing Office 365 today, you also want to keep your options open and take advantage of the cloud’s flexibility to change out underperforming services and create an environment that works well for your unique requirements. With a single source of truth, users can easily access all Office 365 and other cloud services through one cloud-based entry point—wherever and whenever they need to get work done.
Getting the Most out of Mobile
Employees from all departments now demand email and calendar on their phones, and Microsoft has made big investments in mobile Office apps. It is a challenge to make the experience simple yet secure. It’s important to enable self-service enrollment for employees choosing to bring their own devices. In many companies, it can be a tedious process for end users to get their phone synchronized to Exchange Online, and it requires direct help from the helpdesk or an IT admin. The result is usually that IT puts in a ton of effort so that C-level executives get it all working. General staff waste time figuring it out, instead of just being productive from day one.
Self-service should be easy and reliable, so people can install the native Office 365 apps, and also configure their device’s native email, calendar and contacts apps. And, on the flip side, when an employee leaves and you remove them from Active Directory, the company Office 365 accounts and company apps must be automatically removed from the employee’s device.
Okta now offers device trust, our contextual access management solution, to ensure that end users are enrolled in the mobile device management (MDM) solution of your choice before they can access any SAML or WS-Fed app (not just Office 365).
We’ve also made the sign-in experience seamless for end users by offering passwordless authentication to Office 365 mobile apps. Okta will extend this same functionality to all SAML or WS-Fed applications in the Okta Integration Network.
Office 365 is growing rapidly. The biggest hurdle to getting it running and getting all your users onboard is often identity and mobility management. The important thing to note is that you have lots of options to choose from for these solutions. Identity and mobility management impact the day-to-day experience of your users, the security of your data and your flexibility in choosing the best apps for your business into the future. Making the best choice in identity and mobility management for Office 365 can make your rollout go far faster and delight your employees, quickly delivering the most value possible from Office 365.
For more information on how our customers use Okta to deploy Office 365, please visit: