Siemens Mobility Services Improves the Customer Experience with Okta
Apps secured by Okta, including AWS, Azure AD, O365, and ServiceNow
Outages since implementing Okta
- The drive to modernise
- A successful demo
- Deployment success
- A reliable, flexible platform
Siemens Mobility Services provides customers with a state-of-the-art analytics and monitoring portal used to track vehicles and troubleshoot issues. But in order to eliminate outages, limit overhead costs, and reduce time-to-market for new products and features, the company realised it would need to modernise its on-premises infrastructure by moving to Amazon Web Services (AWS). To do this, Siemens Mobility Services needed a strong identity provider.
The company started looking at traditional identity service providers, but they were too complex to implement, expensive to maintain, and they introduced additional downtime risk. After consulting with AWS, Siemens Mobility Services tried an Okta demo. Delighted with the built-in dashboard and pre-built integrations, the company decided to purchase a range of Okta products.
For the deployment process, Siemens Mobility Services partnered with UniCloud, our added-value distributor, which specialises in digital identity solutions, including Okta. UniCloud helped Siemens Mobility Services implement SAML and OpenID Connect, and integrate Okta with all its major applications. Before long, all users were migrated into Okta’s Universal Directory and protected by Okta’s Single Sign-On and Multi-Factor Authentication solutions, which simplified and secured access to the apps they use most.
With Okta in place, Siemens Mobility Services has completely eliminated downtime, which means its customers can always access the information they need, whenever they need it. By reducing overhead and maintenance time, the company is also able to focus on the things that matter most—the customer experience, and a reduced time-to-market. Best of all, these goals have been achieved without compromising security or usability.
We really like Okta’s availability. We haven't experienced a single instance of downtime since we deployed the service. This is really important for us because all of our customers use Okta as a central identity provider or a user portal, so it's really business-critical for us to ensure availability.
Friedrich Gloeckner, Team Lead Architecture and Software Development, Siemens Mobility Services
- Unified, streamlined experience
- Increased visibility into access requests and analytics
- Lower cost-of-ownership
- Improved reliability
- Modernised environment that’s approximately 80% cloud
- Simplified deployment with access to a wide array of pre-built integrations
- Reduced helpdesk requests due to lost and forgotten passwords
- Flexible, ISO 27001 certified security that meets Siemens’ stringent standards and guidelines
- 30-50% reduction in unplanned maintenance for customers
Keeping customers on track
As cities continue to grow and transportation infrastructure becomes more complex, it’s increasingly important for mobility operators to be able to track trains and vehicles, resolve delays, and correct infrastructure defects as quickly as possible. For many of these operators, Siemens Mobility Services is a valuable partner in their efforts to enhance the passenger experience and minimise interruptions.
“Ensuring efficient transportation is a key challenge for cities and mobility providers,” says Friedrich Gloeckner, Team Lead Architecture and Software Development at Siemens Mobility Services. “Our goal is to make their assets smart, sustainable, and more attractive.”
The company’s digital services department has a more specific mandate. According to Gloeckner, it’s the digital services department’s responsibility to “develop and implement the latest and greatest technology for rail maintenance and operation use cases, and to integrate, monitor, optimise, and analyse train and infrastructure assets.” The overall goal? To provide customers with reliable, secure access to critical insights with no downtime.
Rail assessments used to require inspectors to spot problems by reviewing video footage or physically assessing the tracks. This approach was not only expensive, it was also time-consuming--and there was plenty of opportunity for human error. It certainly wasn’t ideal in an industry where it’s critical to keep everything running on schedule.
Now, Siemens Mobility Services customers can detect issues using a video analytics app that uses machine learning to assess HD video recordings to spot defects more quickly and accurately. Better yet, when the app detects a problem, it automatically issues a work order for repair. The app, called Video Track Inspector, is available through Railigent, a centralised cloud-based application and analytics platform with AWS at its core. The platform was developed by Siemens in an effort to help mobility customers avoid unscheduled maintenance and decrease infrastructure downtime. “It's like a one-stop shop for rail and monitoring analytics software,” says Gloeckner.
If the user is a fleet manager, for example, they can sign-on to Railigent using a single set of credentials. From there, they’re able to locate and check the operational status of their trains. If they discover an unplanned outage, they can troubleshoot the issue--and they can do all of this without ever leaving Railigent. Mobility operators can even rely on Siemens Mobility’s analytics to predict when maintenance will need to be done. “This can help increase availability, and reduce maintenance and operations costs,” says Gloeckner. “That's what our customers really want.”
Getting to this point, however, required Siemens Mobility Services to significantly transform its IT environment. In 2014, the company was still relying almost entirely on a traditional IT environment with on-premises hosting and a number of large data centres. Siemens Mobility Services wanted to optimise the customer experience and create business value by speeding up its time-to-market for new solutions—and both of these goals were nearly impossible in a traditional IT environment.
Gloeckner confirmed this when Siemens Mobility attempted an on-premises version of Railigent. Gathering data in a siloed environment was incredibly difficult, and the on-premises components were time-consuming and expensive to build and maintain.
“That’s when we decided to move from on-premises operations to AWS so we could benefit from Platform-as-a-Service,” says Gloeckner. “It’s our overall strategy to use Platform- and Software-as-a-Service solutions to reduce our total cost of ownership where possible—because my major goal is to focus on my team and our business mission, and to generate value for our customers.”
Building the new platform on AWS allowed Siemens Mobility to easily consolidate data, while also reducing maintenance and producing more accurate results. The company accomplished this, in part, by using a combination of AWS services to develop a data lake.
"For us, a major appeal of AWS is access to services like Amazon Elastic MapReduce (EMR), which gives us the ability to run Hadoop clusters of any kind, at any scale, on demand, with pay-as-you-go pricing," says Gloeckner. "Offloading this kind of operations work was an absolute requirement on our end, because we had experienced how complicated it was to run, update, and scale complex solutions like Hadoop in our own data center."
As an added bonus, AWS also makes it possible for Siemens Mobility to tap into the vast amount of IoT data housed on the platform and apply it to a wide variety of use cases.
"In our AWS data lake, we can store large unstructured datasets in Amazon S3 and use the Amazon Athena schema-on-read capability to create virtual tables for specific new use cases as needed," says Gloeckner. "Cloud services like Amazon EMR, Amazon S3, and Amazon Athena give us much more flexibility in dealing with data than would be possible on premises or even with other public cloud providers."
Putting identity first
Before Siemens Mobility Services could fully dive into a new cloud-based platform, the company realised it would need to shift its approach to identity. When Gloeckner started working on the Railigent project, he initially looked at a few traditional identity providers, but he encountered many of the same issues he experienced while deploying the initial on-premises platform.
“They all turned out to be extremely complex to deploy and, later, very cost-intensive to operate,” he says. “Whenever the software vendor offers an update, you have to reflect that in your custom implementation, which can cause downtime and necessitate additional testing."
The total cost of ownership was prohibitive too, especially when the company discovered it would need to dedicate two or three full-time employees to operate and maintain a traditional identity solution. “This is not what our strategy is all about,” says Gloeckner. “We want to focus on our business mission, and use a SaaS service to reduce total cost of ownership of underlying infrastructure and security solutions, wherever possible.”
Gloeckner began looking for a cloud-based identity solution, and after an intensive internet search and an in-depth discussion with AWS, he signed up for an Okta demo account.
“Within just a few minutes, we received this amazing demo, and discovered that Okta is not only an identity provider solution, it's also combined with a customer portal,” he says. “Okta’s more or less ready to roll out, and includes some important customisation options. This is when we really understood the power of the service. This is how it all began.”
Delighted by Okta’s ease-of-use and low operational costs, Siemens Mobility Services decided to purchase a range of Okta solutions, including Workforce Identity products (Universal Directory, Multi-Factor Authentication, and Single Sign-On), and Customer Identity products (Authorization, Multi-Factor Authentication, and B2B Integration).
When it was time for Siemens Mobility Services to start deploying its new Okta products, the company partnered with UniCloud, an IT provider specialising in digital Identity solutions
Coming from a traditional IT environment, Siemens Mobility Services wanted a partner that could help guide them through the process of implementing these new cloud-based solutions, and UniCloud was able to help bridge that gap.
“We love to cooperate with UniCloud,” says Gloeckner. “They have an excellent understanding of the Okta portfolio, which helped a lot, because when you're trying to implement SAML and OpenID Connect alongside a new identity solution, that’s a complex scenario, especially when it came to implementing OpenID for our mobile apps—that's where UniCloud helped us a lot.”
A unified environment
With UniCloud at its side, Siemens Mobility Services jumped into the deployment process. While the company wanted to maintain some of its on-premises components, Siemens Mobility’s goal was to reduce overhead by moving to a cloud-first environment. Now, almost all components have been migrated to AWS, resulting in a hybrid environment that’s approximately 80% cloud.
Siemens Mobility’s first step was to integrate its major applications with Okta. “We use it to secure our departments' entire development environment,” says Gloeckner. “That includes our AWS login, multiple AWS accounts, our secure login, and continuous integration and development tools like CloudCheckr, Jenkins, Nexus, and SonarQube.”
The company was able to save a significant amount of time and effort during the integration process by tapping into the Okta Integration Network’s wide array of pre-built integrations. Instead of spending hours writing new code and building custom connectors, Siemens Mobility Services was able to integrate apps quickly and easily.
Okta’s API Access Management simplified the deployment process as well by providing a modern API backend that integrates easily with AWS and provides centralised API administration.
“I’ve never seen pre-configured integrations for a AWS or ServiceNow in an identity solution before,” says Gloeckner. “Whenever an application integration was available for one of our use cases, we used it. Implementing a new application from scratch, and using one of these standard protocols is a complex process, but it’s significantly easier if a ready-to-use template is available.”
Siemens Mobility Services completed the Okta deployment by rolling out the rest of the new solutions in one phase. Single Sign-On was put in place to simplify the login process for users, and reduce downtime and helpdesk requests due to lost and forgotten passwords.
Due to the sensitive nature of its work, security is paramount at Siemens Mobility. Each IT component is selected or built to support a secure, open, and flexible cloud-first architecture. The entire environment is managed according to Siemens’ stringent standards and guidelines, and all operations processes are ISO 27001 certified.
The company takes a Zero Trust approach to security, protecting all endpoints and users with strong security tools and solutions. Multi-Factor Authentication (MFA) was deployed as part of the company’s overall security strategy, adding a flexible layer of security across the entire environment—including on-premises components.
“We have a lot of high-level IT security rules at the corporate level,” says Gloeckner. “We only use strong, market standard mechanisms, which means a username and password, always combined with multi-factor authentication for additional security. And whenever possible, we combine that with network-level access security.”
That includes a strong geo-blocking policy. “If you host a solution for a customer in Spain, it's not likely that someone from Austria or Australia will need to reach that solution,” says Gloeckner. “So we try to limit general access to a targeted geographical region, and then we implement strong authentication using protocols such as SAML 2.0 or OpenID Connect, which are basically the heart of Okta, from our perspective.”
“There's nothing worse than rolling out an industry-standard protocol in a way that opens doors for hackers,” says Gloeckner. “We rely on Okta, because it’s absolutely mission critical for Okta that no hacker attack is successful.”
Focusing on customer value
By implementing Okta on AWS, Siemens Mobility Services has built a secure, flexible platform that can be easily modified whenever there’s a change in company or customer needs.
“We’re continuously integrating new applications and business intelligence reports with the portal,” says Gloeckner. “We’re always helping additional customers access our services through Okta. And, of course, we’ve also implemented measures to delete or disable users who aren’t using our services on a regular basis.”
All of this can be done quickly and efficiently, which allows Siemens to invest more time and resources in bringing new solutions and products to market.
Downtime has been completely eliminated as well, which means customers are always able to track their assets and assess their infrastructure.
“We really like Okta’s availability,” says Gloeckner. “We haven't experienced a single instance of downtime since we deployed the service. And this is really important for us, because all of our customers use Okta as a central identity provider or a user portal. So it's really business-critical for us to ensure availability of that identity or security component.”
AWS helps Siemens Mobility provide customers with a better product as well. Because the AWS Management Console, AWS Command Line Interface (CLI), and AWS SDKs are easy to use, everyone from developers and administrators to non-technical employees can access the data lake and other features. This access makes it easier for employees to decrease response times to customer inquiries, determine the best ways to meet customer needs, and make informed decisions.
Overall, customers have seen a 10-15% reduction in maintenance and energy consumption and a 30-50 decrease in unplanned maintenance.
When Siemens Mobility Services assesses a potential partner, it sets the bar high in terms of company culture and a commitment to customer service. Potential partners also need to be committed to providing strong SaaS solutions and services.
“We think modern software has to be integrated in a CI/CD pipeline, which means continuous service improvement is possible and that, from a customer perspective, it happens more or less automatically,” says Gloeckner. “This is exactly what we try to establish for our customers with our software, and we love to see that our partners act in the same way.”
According to Gloeckner, both Okta and UniCloud have met all these requirements and more. “Okta is really great at continuous service improvement,” he says. “We’ve seen a dozen major and minor service improvements, and it was always more or less an out-of-the-box experience for us. The company’s added features, but they’ve never broken anything on our end—and that’s not easy in the software business.”
It looks like Siemens Mobility Services and UniCloud have a long relationship ahead of them as well. “We have regular meetings with UniCloud where they show us new Okta features,” says Gloeckner. “It’s so nice when you’ve worked with a company in the past, and they know your use case. On our last call, they showed us a new automation feature on the Okta side and asked us what we thought. Now we’re evaluating the new feature, and we’re planning to use it. It’s just nice to work with them.”
Siemens is a global powerhouse focusing on the areas of electrification, automation, and digitalization. Siemens Mobility Services uses digitalization to enable mobility operators worldwide to make infrastructure intelligent, increase value sustainably over the entire lifecycle, enhance passenger experience, and guarantee availability.