Oxfam: Using Okta to Keep Apps (and People) Connected
affiliate organisations connected via the Okta Identity Cloud
countries accessing core apps including: O365, Box, Workplace by Facebook
See More from Oxfam :Blog Entry Learn more Oktane17 Presentation
- Missed connections
- Collaboration in the cloud
- A secure solution
- Better together
Until 2014, the 20 affiliates that make up Oxfam International were all operating with their own active directories—and no federation at all. This made it difficult for each of the affiliates and its members to collaborate across geographic or organisational boundaries. Oxfam knew that solving this challenge would present an opportunity to increase productivity and maximise donor funds.
Oxfam decided to modernise its IT infrastructure, and adopted a number of cloud-based apps that would allow its affiliates to share services. But the new apps, which included Box, Workplace by Facebook, ServiceNow, and Compass, needed an identity and security layer to pull them all together. That’s where Okta came in.
The organisation decided to adopt Single Sign-On, Lifecycle Management, and Universal Directory, which it rolled out at the same time Box was deployed across the organisation. This decision allowed Oxfam to use local security groups to facilitate the provisioning of access to Box, and then create simple access rules. After a successful deployment, Oxfam decided to integrate its other apps as well.
After the new infrastructure was up and running, Okta Professional Services helped Oxfam make adjustments to the finer details. Now, users in different countries are able to share files and experiences, and Oxfam has reduced its overhead while increasing security and productivity.
Identity is at the center of Oxfam collaboration
Oxfam creates lasting solutions for hunger, poverty and social injustice with over 8,000 employees and 72,000 volunteers in 92 countries globally. Okta plays an instrumental role in delivering seamless, secure access to Oxfam’s stack of solutions that tie all 20 affiliate organizations togethers with the goal to provide a digital identity to every one of Oxfam program participants.
We work with 5,800 partners in the countries where we deliver our programmes. I think it's absolutely crucial that, just like Oxfam, these organisations get access to the technologies and tools that will help them increase their impact. I'm really excited about Okta and the technology community's ongoing engagement with our sector to deliver these technology solutions.
Grant Holton Picard, Enterprise Architect for Oxfam International
A call for collaboration
Did you know that the world’s eight richest people share the same amount of wealth as the poorest 3.6 billion people? Respected non-profit Oxfam International is well aware—and it’s working hard to eradicate the poverty that plagues so much of our global population.
As a confederacy of 20 different affiliate organisations, Oxfam finds strength in numbers. But when those affiliates work in 92 different countries (everywhere from Yemen to Brazil to Kiribati), it can be difficult to bring people together to share information and ideas.
No matter which individual project these affiliates are working on, and where they’re doing it, all affiliates are working towards a common goal of eradicating poverty by addressing inequality, discrimination and unequal access to resources like food, water, and reasonable employment. But traditional geographic and organisational boundaries made it difficult for everyone to work together—especially since each of the 20 affiliates were operating with their own active directories and no federation.
In 2014, Oxfam started looking closely at the communication challenge. Not only did the organisation want to make it easier for affiliates to collaborate, it also wanted to increase IT productivity and security—which would ultimately allow it to stretch donor dollars farther.
“We felt some time ago that we could maximise the impact of our donor money—which is very, very important—through the use of shared services,” says global chief information officer Michael Duggan. “Of course, these shared services depend enormously on technology, and this led to an understanding that we would need to deliver shared IT services across 20 unique organisations with unique technology stacks.”
For Duggan, the cloud was the obvious next step to take Oxfam to new levels of agility and effectiveness. But security was also a concern. “In a world where 90% of all security threats are actually internal and tend to come from employees or those that have been given access to our systems,” says Duggan, “we need to have a very strong identity management solution.”
Oxfam tackled their file-sharing challenge first—which it quickly solved with Box. But before rolling it out, the IT team wanted an identity solution in place. “We needed something that would allow us to quickly, easily, and securely connect 20 independent directories to a central identity management source,” says Duggan. “And it needed to work with our current active directory environment and our processes.”
“There was a small handful of products that had native integrations with Box, so we looked at three products,” adds Grant Holton Picard, Oxfam’s Enterprise Architect. “Okta stood out for us; it met our requirements and we thought we’d be able to get it up and running quite quickly.”
After selecting Okta Single Sign-On, Lifecycle Management, and Universal Directory, Oxfam rolled out Box and Okta together, beginning with a small pilot of about 90 users in South Africa. With five Oxfam affiliates of different sizes running in the country at the time (four with Active Directory and one without) it was an ideal place to test the new IT solutions. The pilot also gave Oxfam a chance to get familiar with the deployment processes before rolling it out to more users.
Oxfam was also able to tap into the Okta for Good, initiative designed specifically for non-profits. “You can try Okta without getting locked into a commercial contract, but you’re still able to access support. And the support staff was incredibly helpful and incredibly friendly” says Holton Picard.
The responsiveness of the support team particularly impressed Holton Picard. “Within an hour or two, we always get a response that acknowledges a request has gone through. And when the technicians work on some of the trickier challenges, they own them and work them right through to completion.”
A connected workforce
“Once we got Box to scale and had the services up and running, we were able to move ahead quite rapidly with new products as they came along,” says Holton Picard. Oxfam’s IT team started with Workplace by Facebook, and from the moment it was first introduced as an idea, it only took six months to fully deploy the app.
Oxfam also created a Drupal-based intranet called Compass. This time, it couldn’t connect Okta using an out-of-the-box connector, but Okta’s API capability saved the day. It allowed Oxfam to do the development it needed to provision users out of their Active Directories, through Okta, and into Compass.
Oxfam capped the whole thing off with ServiceNow, an app that was already being used by one of its larger affiliates, Oxfam Great Britain. Using the ServiceNow connector in Okta, it was able to quickly roll the app out to everyone else.
Now, for the first time in Oxfam's history, it’s able to provide services to staff members without being limited by geographic or organisational boundaries. And it's the first time they’ve been able to access those services using their local identity.
From an IT point of view, the best part of Okta is that we can easily provision and deprovision our user accounts, both into Okta and to the established services.
“From an IT point of view, the best part of Okta is that we can easily provision and deprovision our user accounts, both into Okta and to the established services,” says Duggan. “It's automated, so we can quickly get accounts into the system and get people up and running, plus we’re easily able to remove their permissions from the system when they leave the organisation. And that's just fantastic. It really reduces our overhead, while maintaining our security.”
Looking to the future
Of course, Oxfam isn’t done yet. Now that it’s become easier for each of the affiliates’ users to stay connected, the organisation wants to grant partners, supporters, and volunteers access to some parts of their Digital Workplace stack using Okta as the identity access layer.
“Our goal is to provide a digital identity to every one of our programme participants,” says Duggan. “In a world where more people have access to Internet than clean water, that will provide us with the mechanisms to deliver more effective programming, whether that's through electronic cash or through performance feedback from programme participants so that we can be a better, more responsive Oxfam.”
Duggan sees the technology community as a valuable partner in taking these next steps.
“Oxfam is one of the largest NGOs in the world,” he says. “However, we do work with 5,800 partners that are working in the countries where we deliver our programmes. I think it's absolutely crucial that these organisations get access to technologies and tools that will help them increase their impact. I'm really excited about Okta, and the technology community's ongoing engagement with our sector to deliver these technology solutions to our hugely under-resourced partners.”
About Oxfam International
A world leader in the delivery of emergency relief, Oxfam International also implements long-term development programmes in vulnerable communities. They are part of a global movement to end unfair trade rules, demand better health and education services for all, and to combat climate change.