A modern Identity infrastructure for a modern bank
Varo Bank has grown rapidly in recent years. In its mission to make financial opportunity more accessible, it is the first fintech company in the US to earn a bank charter from the Office of the Comptroller of the Currency (OCC).
Varo needed to support its growing workforce, tightly manage security, and meet compliance expectations. It saw an opportunity to address these needs with an Identity and Access Management (IAM) solution and started its search for an identity partner.
The company needed to build a new, consolidated IAM infrastructure that had clear systems for lifecycle management as well as ongoing and ad-hoc access requests in one place. Varo worked closely with Okta on this design, so it could continue to scale quickly and securely.
Architecting a single source of truth
Varo knew a secure, single source of truth would make managing and governing access efficient, while providing a clear way to demonstrate compliance for auditors. Consolidating its identity management into a single solution meant eliminating identity silos and providing a single control plane for all access controls across the organization. With these changes, Varo could improve end-user productivity and reduce IT workloads.
To accomplish this in a short period of time, Varo turned to Okta Identity Governance (OIG). With OIG, the company was able to ensure it was compliant with the financial regulations that came with its designation as a bank. “We had an audit in three months, and we needed support. We were able to get access controls up and running using Okta in two days,” said Sean Brandom, IAM Engineer.
Initially, Varo connected Okta to Active Directory as it phased out its previous SaaS management platform. However, the company saw the opportunity to make its onboarding and offboarding more efficient by centralizing on Okta. Implementing OIG prompted Varo to move from Active Directory to Okta’s Universal Directory, a cloud-based directory that more easily integrates with a wide variety of applications.
This new infrastructure enabled Varo to integrate Okta directly with its human resources software, BambooHR, so any changes to employment statuses—including hires, terminations, and role changes—are immediately reflected in Okta. “Now when any metadata changes in BambooHR, it's changed in Okta. That accuracy is invaluable for us,” Brandom said.
Within one month, Varo gained clearer visibility into its applications. The security team previously knew of nearly 50 apps in use across the organization, with Okta. “We needed to avoid shadow IT,” Brandom said. “Now, everything is behind Okta. We have this massive mitigating control and confidently share with auditors that risk has been mitigated.”
Automating complex lifecycle management
With a single source of truth, Varo can now easily automate onboarding processes to ensure least privilege access and remain compliant. Prior to Okta, when an employee started, they were provided a baseline of applications that IT deemed necessary, and managers had to manually request role-specific access on a case-by-case basis.
Varo now uses Okta Workflows and Okta Lifecycle Management to automate identity lifecycle processes and find new ways to integrate more of the company’s resources. “Okta Workflows gives us a built-in, no-code solution, so we don’t have to learn new automation tools,” said Brandom. “Plus, since all of our automations are built in Okta, we know it can handle interactions with its own APIs. We no longer have to worry about third-party applications not connecting properly.”
Automating provisioning has reduced onboarding time for new employees by more than 90%. Meanwhile, a series of manual tasks shared by two technicians and 12 employees across two weeks now takes one employee a single day to complete.
Driving governance efficiencies
Varo was able to automate its role-based access controls (RBAC) for employees joining, moving, or leaving, but it also needed a clear process for managing and documenting ad-hoc access requests for short durations or one-off projects.
Using OIG, Brandom and his team were able to build self-service approval flows so employees can submit temporary access requests, with all documentation captured within OIG reporting. “When we adopted Okta Identity Governance, we changed our entire infrastructure to meet Okta’s vision of Identity Management because we knew it would work for us,” Brandom added. This expedites the process for requests and simplifies the approval process for team leads. “In the past, requests could take months, but now they’re done with a click,” said Brandom.
By establishing time-bound ad hoc access and relying on role-based access controls, Varo has reduced the scope of recurring certification campaigns. By centralizing the certification process with OIG, access certifications are being completed 50% faster, enabling leaders to focus on more strategic work. “It's much easier and more important than the time savings. It's about quality of life for our leaders,” said Brandom.
Putting people at the forefront of Identity Management
As an early adopter of Okta Identity Engine, Varo sees new opportunities to build IAM processes as it grows. Varo is turning its focus toward optimizing the end-user experience, using phishing-resistant authentication with FastPass and cross-device access management with Device Access. These solutions, combined with Okta’s growing suite of AI features, ensure Varo has the tools and support it needs to meet future challenges.
“For Varo, Identity Management is all about the user experience,” said Brandom. “We want new employees to log into their laptop on their first day, with a single password, gain access to all of their tools, and be ready to work. We know it’s possible with Okta.”
About Customer
Varo is a bank with a mission to make financial inclusion and opportunity a reality for all.