SPH Media Trust: Okta foundation for a modernised subscriber-centric future

Innovating the reader experience with seamless personalisation

SMT is one of Singapore’s most respected brands. But like its media conglomerate counterparts around the globe, it has been battered by the advent of free news content, made available via social media channels and other non-traditional sources. Today, the organisation is accelerating its digital transformation by investing heavily in its people and technologies to cement its position as a trusted source of factually accurate and credible information. 

SMT sees the reader experience as key to its future success. It requires seamless access to its publications for a positive user experience. This is the reason why the organisation has embarked on a Customer Identity Access Management (CIAM) modernisation project for its key publications.  

To retain customer loyalty among its readers, SMT needed fast, secure, reliable access to its digital publications. Readers expect seamless logins via its platform called mySPH. At the same time, advertisers are looking for the best way to reach their target audience and gain maximum exposure to their ads. 

Out of the 10 digital publications and 20 applications under SMT’s banner, The Straits Times, Lianhe Zaobao and The Business Times are its key revenue generators. Over 1,000 journalists in Singapore and foreign correspondents around the world produce quality content for more than a million users daily.

CIAM modernisation to safeguard business critical access management

Moving away from its legacy system that took a cookie-based approach, coupled with rising licensing costs, SMT needed the CIAM platform that could support both web and mobile access, while keeping the user experience as seamless as possible. 

Jensen Boey, Head of Engineering, Digital Products at SMT, explained: “Previously, we designed our own monolithic services for the SOA (Service Oriented Architecture). With new feature requests over the years, it resulted in increasing complexity that we couldn’t make any further changes without destabilising the platform. With no more upgrades or patches available, the existing system was very heavy on operations and maintenance.”

By modernising access to SMT’s digital offerings, the company aims to deliver easy subscription adoption by consumers, with frictionless authentication and omni-channel experiences, while gaining a 360-degree view of the user and critical analytics. 

Embarking on new terrain within media and security

SMT’s thorough analysis of the client access management market included Gartner Research’s review of the different offerings and vendor strengths. The organisation put a tender out with their business and technical specifications. The Gartner evaluations were vital in helping SMT to make a knowledgeable and objective decision. 

This complex design and integration project took both SMT and Okta into new territory. For SMT, they aimed to select a platform that would help the organisation thrive in a fiercely competitive, subscriber-driven market. Meanwhile, media sector’s specific use case issues were a new solution experience for Okta. The collaborative input to each other’s knowledge base resulted in a strategic partnership. 

SMT’s stipulations for the project’s outcomes informed Okta’s proposed software design.  In addition, with dedicated customer success roles and experts embedded in organisations, it was clear that both SMT and Okta shared a ‘customer first’ attitude. “The entire solution and the migration were quite complex, so we needed not only the efficiency results from the product base but also confidence in the Okta’s team,” shared Jensen. 

“Having Okta committed to serving customers in Singapore and the region, we have a local team of Okta staff we can reach out to who understand our business and how we operate.This is very important to us.” 

Discovery workshops revealed the technical details of the load issues. Okta’s pre-sales solution engineer demonstrated Proofs of Concept for concurrency of access across SMT’s domains using Okta’s Access Gateway (OAG); the Single Sign On capabilities; and Okta’s open standard application programming interface (API) integrations. 

As SMT started to implement the new features, Okta’s technical experts were always contactable. They helped to ensure a smooth cut-over and smooth running of the system.

Priority design components for world class management

Reliability, scalability and ease of maintenance were the priorities for the Okta modernisation project. The new infrastructure would deliver world class threat management in terms of usability, visibility, auditing and operations. Okta-as-a-service supports the latest development, authentication and security standards. It removes the dependency on custom development and shifts to the efficiencies of configuration for new capabilities. 

To ensure the access design was streamlined for subscribers, registered users, advertisers and staff, the implementation teams looked closely at user experience cases as it defined the password and multi-factor authentication login options.

Dynamic scaling maintains reliability during peaks

The biggest issue was designing a fail-safe gateway to support SMT's volatile traffic requirements. From the occupant perspective, SMT was challenged to support not only the base limit of its traffic, but spikes in traffic and long-term volume growth.

Online traffic is expected to spike when there is breaking news. “We have dedicated streams of Okta Access Gateway (OAG) where we are able to support multiple nodes, to handle huge traffic spikes. For each of the publications, we came up with the different OAG components so that we can segregate the traffic and at the same time, scale up the requests based on the traffic load,” said Lasith Gamage, IAM Solutions Architect, SMT.   

Dynamic scaling of Okta Cloud was paramount when it came to handling large volumes of traffic. SMT’s testing, against its current loads as well as business predictions, settled on a higher base traffic rate of 60,000 requests per minute. SMT’s new access architecture has different node components for each publication so traffic could be segregated and requests scaled up based on loads.

“It’s difficult to appreciate the complexity of our loads in a multi-tenanted architecture. If one cell hosts too many customers or if it needs to scale up to 12 times the peak load, we need to work out the load balancing and how to optimise across all the cells,” said Jensen.

Phased approach to mitigate risk and maximise lessons learned

In a low business impact, phased approach, the migration to Okta was first to address the legacy platform’s vulnerabilities. The focus has since moved to harmonising concurrency control over the mobile and web versions of its mastheads in a stateless environment. 

In total, 20 different apps covering 10 publications were to be on-boarded – with scaling for the load requirements of each and taking into account the different technologies covering mobile, digital and e-Paper (PDF versions of print newspapers). 

With so many applications, SMT needed to space out the migration process. One of the migration approaches was to schedule the cutover at a timing of low load. But the implementation teams will not be able to predict a critical news break which may lead to a spike of 100,000 users.

To ensure there were no major disruptions to the user experience,, each publication was migrated to Okta separately, over six months. This proved to be of tremendous benefit because the unexpected issues that arose in the first cutover could be eliminated with lessons learnt applied to subsequent migrations and reduce the potential of further issues.  

The biggest migration was for The Straits Times with more than a million user accounts. It was calculated that the scheduled migration took between 36 and 48 hours. To reduce the impacts on users and the risks of having firewalls down, Okta offered extra resources to support the migration round the clock to speed up the provisioning and expedite the testing. The team managed to complete it in under 36 hours.

At the deployment completion, the Okta CIAM Universal Directory had over one million  activated users, with over 200K users authorised under the Single Sign On (SSO) and over 800K users enrolled by Multi-Factor Authentication (MFA).

The calibre of Okta’s Customer Success experts enabled them to make direct, authoritative connections at the C-and board levels. SMT experienced this unique strength of Okta’s offering – the ability to demonstrate both business and technical value to all stakeholders. Jensen knew that with strategic initiatives, such as the introduction of a transformative technology like Okta, securing top-down support was essential for success.

Collaboration throughout design and deployment was viewed by SMT as key to why the project was completed to deadline. Jensen said: “We were able to honestly talk through what the blockers were, how the next sprint was going to be executed and when to prioritise issues for escalation to management,” Okta’s solutions driven approach pushed the engineering team and “embedded the lessons learnt at each step – understanding the specific requirements of our OAG architecture is an example - to deliver a best practice environment for SMT”.

Value added training speeds RoI for Tier 1 application

“It used to be challenging coping with incidents because there was often a delay in getting help and that’s not acceptable for a Tier 1 application,” Jensen explained.

“Our idea with the move to Okta was for us to do extensive developer and authorisation training so we could take on the new platform, speed up our response times and do our own integrations, while having the security of Okta backing us up with level two support.”

The seamless migration meant that most users were not affected, and there was no negative impact on SMT’s reputation as a trusted media source. 

Solving the load situation means the organisation now has 100% availability. This provides flexibility and the freedom to offer readers and different business units new products and solutions as the business grows.

SMT now has a robust foundation from which continuing modernisation can be achieved – securely, seamlessly and with a customer focus. 

Total performance from Okta’s CIAM frees time to innovate

Recognised by both Gartner and Forrester, Okta’s claim of a 99.99% system availability has been proven at SMT. “In terms of performance, we haven't seen any system outage from any perspective – including from our own components that are part of the whole solution,” Jensen confirmed.

 “By virtue of being on a SAAS platform, we don’t need to worry about patching. We’ve improved our resiliency and security, with some new features.”

As Okta is engineered to be a jurisdiction-compliant solution, a simple configuration change also means that SMT can easily and quickly adhere to Singapore’s stringent data laws, under the Personal Data Protection Act, and in countries it operates in.

Leveraging new opportunities for future growth

With its subscriber, registered user and advertiser access controlled, SMT is now able to explore Okta’s current stack and its future innovations. The move to a stateless approach has opened SMT to future options under Okta’s unified identity platform – be it  new B2C or B2B opportunities. Its roadmap, driven by Okta-enabled agility, will streamline SMT’s ventures into new titles, new media outlets such as radio, and expansion into new markets. Under consideration is the use of social logins as onboarding options, and evolving security protections. 

“We are harmonising [access] for the web, followed by the mobile app. In the future, we will be onboarding social logins, even 2FA, for our customers,” said Jensen.

“We moved to Okta for a seamless platform to reduce business impact. For our mobile platform, we’re in the midst of migrating to a stateless approach, which will start next year,” added Gamage.   

SMT underwent a restructuring exercise in 2021, and Okta was commissioned to assist with the recalibration of entities during 2022. Okta’s Workforce identity solution was a key element in securing the centralised authentication of and provisioning for SMT’s local, regional and worldwide staff. With minor customisations to Okta’s code, SMT will be compliant with any government legislated changes to privacy and data security laws.

SMT and Okta saw the value in pushing the boundaries of Okta’s CIAM and professional services.

About SPH Media Trust

SMT is incorporated as a public company limited by guarantee. The mission of SMT is to be the trusted source of news on Singapore and Asia, to represent the communities that make up Singapore, and to connect them to the world. It has several business segments in the media industry, including the publishing of newspapers, magazines, and books in both print and digital editions. It also owns and operates other businesses including radio stations and outdoor media.