boohoo.com: Fashioning a new approach to providing secure, timely, and transparent technology access for a rapidly growing workforce
Percentage decrease in the number of SSO prompts per day
Hours saved each year by automating the provisioning of apps
Hours saved each year by automating user directory creation
- Growing pains and technical challenges
- Turning to a best-in-class IAM provider
- Enabling secure access and automating workflows
- Modernising infrastructure to meet changing needs
- Building on success in partnership with Okta
boohoo.com has expanded rapidly since its launch in 2006, but the company knew it needed a better approach to identity and access management (IAM) to provide a ‘single pane’ view when it came to security. It also wanted to eliminate any future ‘technical debts’ built into its systems during periods of extensive mergers and acquisitions.
Working with Bytes, a leading Okta software licensing partner, boohoo.com explored potential technical solutions to the challenges it faced, and says Okta stood out from the competition. The fashion retailer says it was particularly impressed with the range of out-of-the-box products available on Okta that addressed the challenges it faced.
Securing access to productivity apps and internal systems using a zero trust approach was a chief concern for boohoo.com. It also hoped to reduce burdens on IT staff by automating workflows already identified as key areas for improvement, such as joiner, mover, and leaver (JML) processes, while enabling seamless experiences for its approximately 8,000 users.
Today, boohoo.com is using a whole host of Okta products to meet its challenges head on. Single Sign-on (SSO) and Multi-factor Authentication (MFA) are bolstering security and protecting data found within the boohoo.com UD, while Lifecycle Management (LCM) and HR as a Master (HRaaM) are helping technical staff reduce the burdens on their team and colleagues in HR and elsewhere across the business.
boohoo.com is keen to further explore the potential efficiencies and effectiveness it can build into its process with the help of Okta Professional Services, and will be launching new phases of deployment in the coming months and years. That will include a focus on greater oversight and automation of JML processes, as well as the possibilities of zero touch deployments of laptops and other computing devices.
boohoo.com is a really fast-paced environment. We want to be the first to market, so that we’re able to evolve, set trends, and deliver the quality and choice our customers expect. Okta is playing a big part in giving our staff secure access to the tools they need to achieve these goals.
Leroy McAdjar, Head of Technology, boohoo.com
Founded in the heart of Manchester’s historic textile district in 2006, the boohoo group started life as boohoo.com, an inclusive and innovative brand targeting young, value-oriented customers. The group today is home to a portfolio of multiple brands servicing customers globally, united by a shared customer value proposition, and has become one of the market leaders in the e-commerce fashion sector.
The boohoo group has more than 19 million active customers and company revenue was up 56% over the last three years. The group has made major capital investments, particularly in the areas of logistics and its supply chain, while also growing its office and support teams to maximise the benefits of its group structure.
“Mergers and acquisitions have historically played an important role for us, but we also want to focus on growing organically,” says Leroy McAdjar, Head of Technology, boohoo.com. “That means I need to ensure we have a ‘single pane’ view when it comes to security, along with the backend infrastructure to deliver on our roadmap, no matter how we grow.”
Managing rapid growth with Okta
Staff numbers have increased significantly as a result of this roadmap, from a small team of 70 in 2006 to more than 6,000 employees today. That’s led to a number of technological challenges, particularly when it comes to providing employees with timely, appropriate, and secure access to productivity apps and other internal tools. Leroy says that a big part of his role is to shore up the foundation of the company’s technical systems while avoiding the buildup of any ‘technical debt’ from this rapid expansion.
“boohoo.com is a really fast-paced environment,” Leroy explains. “We want to be the first to market, so that we’re able to evolve, set trends, and deliver the quality and choice our customers expect. Okta is playing a big part in giving our staff secure access to the tools they need to achieve these goals.”
boohoo.com worked with Bytes, a leading Okta software licensing partner, to devise a strategy for updating its approach to identity and access management (IAM) . Bytes helped boohoo.com to explore potential technical solutions to the challenges it faced. Okta stood out from the competition for a number of reasons. Leroy was particularly impressed when it came to the range of out-of-the-box products available on Okta to secure and automate processes his team has already identified as key areas for improvement.
“Bytes helped us evaluate a range of options, but Okta really ticked all of our boxes,” Leroy adds. “At the time, we were particularly interested in securing our VPN using a zero trust model and nobody came close to what Okta could do. We also knew that Okta could offer us a variety of other products to suit our needs, so the timing worked out really well and it just made perfect sense for us to work with them.”
Overcoming pain points and challenges
Today, boohoo.com is using a whole host of Okta products. boohoo.com HR staff previously had to manually create new accounts in Core HR for all staff moving across to boohoo.com. Meanwhile, Leroy and his team ingested all of their existing data, including files and email histories stored on network drives, into the boohoo.com infrastructure. They would then use a third-party provider to create new identities and provide staff with access to their data and any apps relevant for their role. This was also the procedure followed for all JML processes, which had to be managed manually on an ad hoc basis.
In the case of larger organisations, such as Debenhams, that meant batch onboarding thousands of new users within a very short timeline. Leroy says this resulted in a lot of the kinds of ‘technical debt’ that he and his team knew they would have to address further down the line. It also meant that all of his team’s focus was pulled from projects that were already in the pipeline, as well as negatively impacting response and resolution times for day-to-day service desk requests.
“It’s a case of ‘all hands to the pumps’ until we’re able to complete the onboarding process, and it’s a lot of manually intensive work,” he adds. “Anything else we’re working on gets dropped to the back of the queue, which isn’t ideal. It’s time that could be better spent. We knew introducing automations and other improvements in our processes could resolve these challenges, but our existing IAM solution wasn’t up to the task.”
Automating technological processes for greater efficiency
When boohoo.com first approached Okta, the original size of its workforce was around 3,000 users. Today, that number stands at approximately 8,000 - significant growth in a period of roughly three years. boohoo.com is now onboarding around 20 new starters every two weeks organically, whether office workers or warehouse pickers and packers, as well as growing via M&A. boohoo.com is now using Lifecycle Management (LCM) and HR as a Master (HRaaM) capabilities within the Okta platform to automate these processes as far as possible. That means using Core HR as a single source of truth for user identities and Universal Directory to provide a single pane overview, rather than multiple directories containing siloed information.
These processes eliminate the keyboard time spent by HR staff manually entering data, as well as delays created by the technology team needing to manually provision and deprovision access. That eliminates unproductive periods spent by new starters waiting for access to the five to seven birthright productivity apps they need to do their jobs, as well as periods of insecurity after staff have left but may still have access to boohoo.com systems.
Prior to Okta, entering a user into a directory as a result of picking up a ticket from HR took up to 30 minutes of IT time and was batch processed every two weeks. These 1,667 new joiners a year created a 500-600 hour cost burden for IT that Okta 100% automated, saving one-quarter of a full-time employee’s (FTE) time doing manual and repetitive work from a team already overstretched due to Bohoo’s rapid growth.
After new joiners were onboarded into boohoo’s directories, they needed to be provisioned to the birthright apps required to do their jobs. On average, users had roughly six apps they needed immediate access to, taking between 20 to 30 minutes for each app, creating a further burden to the IT team of 3,334 hours. Okta was pre-integrated for lifecycle management to half of Boohoo’s birthright apps and is saving 50% of the birthright provisioning burden, roughly equivalent to one FTE’s time.
New joiners felt the difference straight away, with immediate access to their apps on day one.
Securing systems access with SSO and MFA
When it comes to security, Single Sign-On (SSO) and Multi-factor Authentication (MFA) enable boohoo.com to verify staff identities and provide secure access to its internal IT environment. Prior to Okta, workers were able to log in to the boohoo.com VPN without any authentication protocols in place, Now, users are prompted to verify their SS0 identities in a manner that’s appropriate to their level of access, security needs, and technical expertise and Bohoo has applied geographic IP blacklisting to increase security.
Before Okta, MFA prompting was done for birthright apps but at the app level, instead of at the SSO level, so users were prompted six times a day. Now, boohoo.com colleagues are prompted once every 12 hours on average to confirm their identity, primarily via SMS, for that day’s working session to all their apps. Okta’s MFA policies and SSO level MFA has removed five of the previous six prompts, or 83% of prompts a day. And it doesn’t add any additional burdens to the technology team, with password resets managed through Okta and its self-service capabilities.
“Before Okta, I didn’t have the full confidence to feel totally comfortable with our security,” adds Leroy. “SSO and MFA allow me to rest easy, knowing that we have end-to-end protection and have helped to plug any potential gaps in our defences. The butterflies in my stomach are no longer there.”
Sweating Okta assets to meet tomorrow’s challenges
boohoo.com has worked closely with both Okta and Bytes to ensure that its Okta setup is able to meet the company’s current and future needs. The first phase of this work saw boohoo.com increase JML and M&A efficiency through LCM and HRaaM processes, implement zero trust security with SSO and MFA capability and begin an ongoing process of infrastructure modernisation. Looking to the future, Leroy and the team already have a number of plans to get even more out of Okta and will be meeting more frequently with Okta Professional Services to receive strategic advice on how best to achieve them.
In the coming months, they will be launching a new phase of deployment which will see them spend time with business units across the company to assess additional apps and services that can be further automated. They believe that this process will result in greater oversight of JML processes, as well as cost efficiencies from better clarity over licence management and other spending. They’re also hoping to further explore how Okta Workflows can help them to gain further efficiencies, as well as zero touch deployments of laptop and other devices.
“We’ve come a long way with Okta in such a short space of time, but we know there’s even more we could be doing,” Leroy says. “We really want to sweat our Okta assets to drive effectiveness and efficiencies for my team and the wider business, while delivering great user experiences.”