To become more agile and scalable, AFGE turns to Okta
apps for 400 employees
apps for 300,000 members
reduction in password reset requests
elimination of connector maintenance
- Launching into the cloud
- Too many logins
- Search for identity
- Connecting to Office 365
- Protect and serve members
- Need for ramped-up security
To better serve its employees and members, AFGE started its transition to the cloud with more reliable and modern technologies.
Users found themselves swamped with too many passwords for their multiple systems. IT first explored on-premise AD FS, which proved too time consuming.
A search for a rich, reliable, open-integration framework led AFGE to Okta for Single Sign-On, lifecycle management, ease of IT administration, and the self-service capability to manage apps.
After considering using Microsoft to connect to Office 365, AFGE instead chose Okta for the reliability of its people and support.
External SSO allows members to easily and securely access their benefits and applications with a single login to the AFGE public website.
AFGE implemented Multi-Factor Authentication with Duo to heighten security; IT and end-users now experience a seamless integration to Okta.
AFGE becomes a cloud-centric organisation with Okta
With full IT responsibility for its 300,000 members and 400 employees, the American Federation of Government Employees (AFGE) needed a more agile and scalable IT infrastructure to best serve its users. Okta provided a rich identity solution helping AFGE become a cloud-centric, mobile, and forward-thinking organisation.
With full IT responsibility for its 300,000 members and 400 employees, the American Federation of Government Employees (AFGE) needed a more agile and scalable IT infrastructure to best serve its users. Okta provided a rich identity solution helping AFGE become a cloud-centric, mobile, and forward-thinking organization.
Taylor Higley, Director, Information Systems, American Federation of Government Employees
In search of identity, and then some
Ten years ago, when Taylor Higley, AFGE’s director of information systems, came to work, it was a good day if all IT systems weren’t down. Working in a traditional IT environment and spending a lot of time in the back office wasn’t cutting it.
When it came to identity, AFGE originally had a traditional on-premise infrastructure. “We had a lot of different log-ins for numerous systems, and nobody enjoyed the situation,” Higley admitted. Password-reset requests, one of their top 10 issues, became a real headache for IT and employees who were routinely locked out for at least 20 minutes at a time.
As AFGE moved to the cloud, they lacked a common layer to get into or manage the many disparate applications. And without a strategy for enabling mobile access, AFGE’s cloud-centric strategy wasn’t as effective as possible.
Not only did Higley need to resolve internal IT issues, he also recognised a need to better serve AFGE members. For members to access the great set of benefits AFGE provides, they log-in to numerous systems via the AFGE website. When Higley looked at that log-in piece, he knew IT needed a modern framework for managing identities here as well. “Our public-facing web at AFGE was entirely custom. It didn't give us the ability to integrate with other applications and required a lot of heavy lifting for our internal team,” Higley remarked.
Higley began to look for a more reliable solution with modern cloud technologies so his team could become more service focused, rather than stuck in the back office doing the heavy lifting.
IT first tried Microsoft Active Directory Federated Services (AD FS) to help solve their problems. But Higley found it more time consuming to manage the on-prem solution than they’d originally spent resetting passwords. The bottom line, according to Higley: “Nobody likes 3:00 A.M. wake-up calls. IT team members wanted to get away from using AD FS. We want to know the service is always on, always available.” They were motivated to find a more reliable solution with zero down time that allowed them to pick the best parts of the cloud ecosystem and sleep soundly at night.
Pillars of identity driving AFGE’s search
AFGE had three pillars of identity driving its search for a better identity solution:
- Trust: Trust the provider they were handing over identity to in terms of security, business practices, and financial stability
- Reliability: Know the system was always on, always available
- Rich, open-integration framework: Avoid being siloed into one vendor, one solution
Choosing Okta for strong technology, trustworthy people
After deciding on a service approach, Higley narrowed it down to a couple of large providers and Okta. What differentiated Okta was the ability to contact support and get quality help when needed. “We believed Okta had the appropriate level of trust, reliability, and security. It came down to the people,” Higley explained.
Identity Solution, Office 365 integration with Okta
Okta provided AFGE with an on-demand identity and access-management service. They first set up Single Sign-On with Universal Directory to give employees secure, one-click access to their apps. Universal Directory provides a single place to manage all of AFGE’s users, groups, and apps. Lifecycle management — automated user onboarding and offboarding — reduces the load on IT for provisioning requests and enables end users with immediate access to the applications they need.
When AFGE went live with Okta, they wanted an intuitive experience for their users. Higley found Okta was one of the easiest services to deploy and train its users. “On day one, employees would come in, sit down, and see one place to get to everything they need. For me, that was an ah-ha moment,” Higley marveled. “No more URLs to remember, no directing people to a lot of different websites. Everything goes to Okta; then they’re on their way.” Office 365 was the first piece integrated and gave a focal point to then build out all other applications and integrations.
External identity management: a boon for members
After a successful Okta rollout to AFGE employees, Higley looked to Okta for external identity management. “At AFGE, the trust of our membership is important to us. We have a lot of information we need to protect,” Higley stated. AFGE needed to provide members with seamless, secure access to their benefits and applications and Higley knew Okta could provide the solution.
With Okta deployed, AFGE’s 300,000 members can now access their benefits, programs, trainings, and conferences from a single location.
“With all of that power and convenience comes the need to wrap it in a tighter security bubble,” Higley explained, leading IT to implement Multi-Factor Authentication. “We’ve appreciated the open approach to integration so we can use Duo security with Okta and make those best choices and integrations.”
From identity to mobility management
According to Higley, Okta’s Single Sign-On, Universal Directory, and Lifecycle Management are at AFGE’s core and foundation. He’s also seen an ease of administration, as well as the self-service ability to add apps.
All told, AFGE has seen $40K in annual IT savings by sunsetting AD FS and two servers. They’ve reduced password-reset requests by 80 percent, eliminated 100 percent of connector maintenance, and reduced their administrative burden. End users have seen productivity savings valued at $100K+. No longer are they stuck waiting for access on day one, when AD FS is experiencing outages, or for passwords to be reset.
With their new identity layer in place, AFGE currently has 400 internal and 15,000 external users. Employees have 130 apps in use; members have five. “Without a good identity layer like Okta, we really couldn't be the cloud-centric, forward- thinking organisation we've become.” Higley said.
AFGE’s next step? With mobility a top priority, IT plans to deploy Okta Mobility Management to improve productivity as well as security for users on the go with mobile devices.
AFGE also plans to focus on data analytics to better serve its community and improve the government. AFGE's goal is to be big enough to win, and for AFGE, that means having the power, people, and processes to grow the union, to better service membership. “Okta puts us in a position where, as the union scales its capabilities, we’re able to carry along our identity layer,” Higley reflects.
About the American Federation of Government Employees
The American Federation of Government Employees (AFGE) is the largest federal union representing federal and Washington D.C. government employees internationally. Members include the doctors, law enforcement officers, scientists, correctional officers, nurses, and food inspectors who keep America healthy and safe.