NTT DATA accelerates onboarding and simplifies M&A with Okta Workflows
Burdened with a complex, scattered Identity infrastructure, NTT DATA needed an agile solution that could scale. The global IT service and consulting provider began their journey toward using Okta — as many do — in an attempt to streamline an increasingly complicated and cumbersome Identity infrastructure.
“Ten years ago, our Identity strategy for NTT DATA was lots of Active Directories. Lots of Office 365 environments. A whole lot of SQL tables and Perl scripts to get this all to work. And even more headaches,” Jim Ouellette, Senior Security Director at NTT DATA Americas, says.
Workforce Identity isn’t just about the first few moments of the working day, when the user types in their username and password and brews a fresh pot of coffee as their laptop starts to load. For NTT DATA, Workforce Identity is about securing over 400 SaaS apps, more than 50 custom-made applications, and over 80 on-premises systems every day, all day.
Because NTT DATA’s Identity infrastructure was scattered and disparate, the cost of developer time was growing, and managing and governing these apps was time consuming.
In 2018, they started looking for an agile, cloud-based alternative that would modernize their Identity infrastructure and provide a structure that would allow for centralization and ease of maintenance.
Okta allowed NTT DATA to create a hub-and-spoke architecture that was simpler, more resilient, and helped them scale. This simplicity allowed NTT DATA to unlock new operational efficiencies, driven primarily by the Okta Workflows automation engine.
Solution: A new Identity architecture, paired with Okta Workflows to accelerate onboarding and ease management costs
If you’re a jet-lagged, Samsonite-dragging, air-mile-collecting road warrior, you’re probably familiar with the hub-and-spoke model. It’s used extensively by full-service airlines like United, Delta, and American.
Delta, for example, has several interconnected “hubs” where most of its flights depart (like Atlanta, JFK, and Seattle). The “spokes” are the flights departing from those hub airports. The model allows for more efficient connections for passengers and greater operational efficiencies for airlines. A similar model can also work in an Identity context — particularly for larger organizations that serve multiple regions or have business units with unique needs.
In the case of NTT DATA, here’s how their new architecture worked:
- First, the hub: This is the primary source of identities and workflows for the entire organization. When a new user joins the organization, this creates the unique identity and email they’ll need to access the applications and systems essential for their role.
- These unique identifiers then cascade — using a custom Okta workflow dubbed “The Meat Grinder Workflow” — to the “spokes,” each relating to a unique legal entity within NTT DATA or a CIAM environment.
- Each spoke handles access management for the applications required by that particular business unit, entity, or use case.
NTT DATA’s new model allowed for the centralization that was so sorely lacking from their previous approach. With custom business logic created using Okta Workflows and emanating from the central hub, there was no need to maintain a dizzying array of custom scripts — each requiring its own version control, hosting, and DevOps support, and each written and created using multiple different programming languages and scripting utilities.
Simplified mergers and acquisitions
Since their emergence as an independent entity, NTT DATA has embarked on an aggressive process of expansion driven by mergers and acquisitions (M&A). While M&A can provide commercial opportunities and advantages, integrating acquired entities into the NTT DATA family once presented a formidable technical challenge.
“The problem usually looked like this: A newly acquired company wasn’t ready to be onboarded onto our HR system. Therefore, there’s no source of record for the employee that could be provisioned through our current life cycle management (LCM) system. These new employees need to be productive from day one, so how do we onboard them without having to manually create accounts — and prevent duplicate or conflicting accounts?” Ouellette says.
By default, Okta makes this process straightforward. It provides out-of-the-box tools for domain consolidation, account migration, and automated app provisioning. But it also gives organizations the flexibility to build upon these foundations, crafting solutions that fit their unique operational needs.
NTT DATA went down this path, creating a tool dubbed OnePlatform. “[This] is our in-house development platform that is the foundation for all our custom Identity support needs. It’s based on Okta Workflows and custom APIs. When someone raises a new requirement around Identity, we build a new module on OnePlatform for all the various teams and entities that we support,” Ouellette says.
OnePlatform has also radically shortened the onboarding time for new acquisitions. One component — the Digital Front Door (DFD) — allows employees joining the company through M&A activity to gain early access to the systems they need while minimizing both security risks and administrative headaches.
Built on Okta, OnePlatform’s DFD feature allows nominated admins to provision and migrate ahead of time. The DFD lets admins provision applications based on the user’s role, and workflows manage the account lifecycle, automatically suspending accounts that belong to users who didn’t join the new entity.
This approach has proved dramatically more efficient than the one it replaced, where HR personnel would create a “skeleton” or contractor record for each new employee, inevitably resulting in duplicates that needed to be merged or deleted.
How Okta Workflows reduced headaches at scale for NTT DATA
NTT DATA is a large, complex organization. They’re also a business for whom Identity isn’t merely a mechanism for how individuals access systems and applications but is core to their operations. The organization manages over 550,000 identities and one million email addresses — each belonging to teams, individuals, and applications.
Despite facing the challenges of size and complexity, NTT DATA has managed to craft a solution that’s scalable and manageable and allows them to accelerate and simplify their day-to-day operations.
By taking the sturdy foundations of Okta Identity Cloud and modifying them through Okta Workflows, NTT DATA has reduced the time it takes to onboard a new customer from three days to just four hours. Deprovisioning a user takes less than 30 minutes instead of weeks or months.
And Identity-related support tickets are now resolved in as little as three hours rather than several days. Whereas, previously, NTT DATA would have to exchange emails and phone calls with an employee (who might be in a different timezone or region), now they can simply look at the logs, find the problem, and fix it.
“When you’re working in disparate environments, you run into the problem of account information being deleted from one system but not another,” Ouellette says. “And then people just give up, and then you have audit issues. Okta solved this for us.”
Okta Workflows makes it easy to automate Identity processes at scale — without writing code. For more information on how Workflows can help you navigate challenges of lifecycle management, application provisioning, and account management, check out the following resources:
- Video: Getting Started With Okta Workflows — Building Your First Flow
- Guide: Getting Started with Okta Workflows
- Product Page: Okta Workflows