Demandbase: Turning Identity governance into business efficiency

"With OIG, employees have full visibility into the approval flow. They can actually Slack directly or within the access request thread with their manager or with security to determine what’s holding up their access request. For managers, they don’t need to leave the same Slack app they’re already working in to review and approve the request, which really speeds things up."

Nathan Espiritu,

Systems Engineer, Demandbase

An evolving business environment demands a mindset shift

Demandbase’s IT and security organization sees itself as a core facilitator of the organizational mantra of efficiency, considering it to be one of its most crucial outcomes. Demandbase has long recognized the importance of choosing an Identity partner that integrates across its broad technology environment and has been an Okta customer since 2015. 

In that time, the team has seen how critical identity can be to drive workforce productivity with simple end-user experiences and well-orchestrated identity management.

“We’ve built out a role-based access control that allows employees to pretty much get what they need based on their position within the company,” said Trung Nguyen, Demandbase’s Director of IT and Security.

Trung also recognized how important strong identity management is in limiting that access to avoid over-permission: “At the same time, we’ve worked hard to limit access by default to maintain appropriate permissioning.”

Challenge: Building the foundation for growing efficiency

Demandbase has relied on Okta Lifecycle Management for automating provisioning and deprovisioning for employees, but as the resource surface area and business demands have evolved, birthright access has proven to no longer be enough.

Nguyen and his team saw a massive influx of one-off access requests coming into the IT organization, with upwards of 200 requests monthly. “Out of all the help desk tickets we get, access requests were by far the biggest number,” said Nathan Espiritu, IT systems engineer at Demandbase.

While the manual process of provisioning may have taken up time for Espiritu, it was the time wasted on access request approvals that impacted the business the most. For every access request ticket that was submitted, an email correspondence with managers and security was required to approve a request and provision access. Demandbase’s organization relies on Slack more than email as a means of communication and collaboration, which left access requests languishing unapproved and unnoticed.

Nguyen put it simply: “Our business goal is to drive the most productivity possible across our organization … If it’s taking an engineer three, even four days to get access to a resource to get their jobs done? That's way too long.”

While access requests presented an expediency challenge in business productivity, certifying access was pulling the IT and security team away from more strategic automation outcomes and opening the door to possible manual errors.

Between pulling identities and transferring to spreadsheets for manual approval, Demandbase was spending six hours every quarter to track certifications, but that still left the removal of anyone whose access was revoked from a given resource.

The lack of automated deprovisioning after access was revoked left Demandbase with the constant concern of whether every revocation had been carried out fully, risking potential lapses in compliance.

“The scary part was going through and manually revoking access, moving dozens of users in and out of groups in order to carry out the proper action, said Nguyen. “As much as saving time matters, the bigger concern was the potential for human error.”

Results: Finding efficiency without sacrificing security

Demandbase implemented Okta Identity Governance, relying on the bundled offering of Lifecycle ManagementWorkflows, and Access Governance to make life easier on end users while still delivering compliant, least privilege security.

Demandbase was able to start moving its access requests process to Okta Identity Governance in March, and has already seen a significant shift in how its workforce requests ad hoc access to resources. In a little over two months, over 300 requests have come through via Access Requests and its Slack integration. Managers and security team members are being notified via Slack that they have request actions to take, requesters are getting visibility into the request flow process, and Nguyen’s team is dramatically improving its access request fulfillment rate. While Espiritu may have previously spent considerable time being asked why access hadn’t been granted or chasing managers, IT can now simply build the request workflow and let Okta Identity Governance handle the rest.

In a little over two months over 300 requests have come through via Access Requests and its Slack integration.

“With OIG, employees have full visibility into the approval flow,” said Espiritu. “They can actually Slack directly or within the access request thread with their manager or with security to determine what’s holding up their access request. For managers, they don’t need to leave the same Slack app they’re already working in to review and approve the request, which really speeds things up.”

Demandbase has a goal of making 90% of its resources within Okta requestable through access requests by the end of the quarter. 

“We’re looking forward to training up the rest of the company to rely on access requests for pretty much everything,” said Espiritu.

Demandbase’s Northstar of efficiency is already being helped by Access Requests, while its mandate for compliance is benefiting from Access Certifications.

While the team continues to fine-tune the customizations around its certification approach, the early returns highlight two key outcomes for Nguyen and Espiritu. 

First, they’ve been able to move out of spreadsheets and centralize their access certification reporting. Instead of downloading a group of users from a resource and transferring to a spreadsheet, the team can simply build a certification campaign for the group or groups in Okta, saving some time and response headaches.

Second, thanks to Okta Identity Governance’s automation capabilities, access revocations are carried out without manual processes, avoiding potential miscues and keeping Demandbase in compliance.

Demandbase is continuing to find ways to get value out of Okta Identity Governance, adding more resources to access requests and deepening their adoption of access certifications, potentially looking towards Workflow templates to extend and automate more across the Workforce Identity Cloud. 

About Demandbase

Demandbase is a leading account-based marketing (ABM) platform that empowers businesses to target and engage with their most valuable accounts. With its innovative solutions, Demandbase has established itself as a key player in the marketing technology landscape, enabling over 1,000 businesses to grow and deepen their customer relationships. Demandbase has grown rapidly in the last few years, with a distributed workforce of over 1,000 contributors. 

As a technology business itself, Demandbase has recognized how critical it is for innovation to exist throughout its organization, and its workforce is empowered to solve problems with an efficiency-focused Northstar. 

Continue your Identity journey

Get hands on with the free trial today, or get in touch with our team to discuss your unique needs.