Putting the house in order
Bazaarvoice was built on the idea that brands can harness customer voices to influence product sales and development, and build loyalty. The Bazaarvoice technology platform creates a network between brands and retailers. It allows consumers to search for and share opinions, questions, and experiences with products and brands, and it gives retailers and brands ways to gather and use that consumer-generated content to make informed business decisions.
The company started out in 2005 with a great idea and a “just build it” attitude. But along the way, they began acquiring competitive technologies and bringing disparate apps together under one roof. Bazaarvoice IT brought in Okta in 2012 initially to help unify employees onto a single identity management platform. They started with a Salesforce-Okta implementation, quickly added Workday, and before long, their list of Okta-integrated internal applications included NetSuite, Concur, Box, WebEx, and GoToMeeting, among many other best-of-breed applications.
Around the same time, the company migrated to Office 365 from Microsoft Exchange and implemented the typical Microsoft identity stack, including Active Directory Federation Services (AD FS) and DirSync to manage the transition. Shortly after that, they had their first outage—and came face to face with the limitations of AD FS. “The platform is pretty good for what it does,” says Justin Reneau, lead systems engineer for Bazaarvoice, “but it has a lot of constraints. Troubleshooting is very hard to do.”
Within a year Bazaarvoice replaced AD FS and DirSync with Okta. Okta’s deep integration with Office 365 helped drive the decision, along with the fact that Okta is a leader in the identity space. Today, with Workday as the master, Active Directory is just a consumer of profile data, says Reneau. Outages are no longer a problem. With fully automated provisioning from Workday through Okta to the whole Bazaarvoice software stack, new employees get the apps they need on day one, and IT can focus on core business requests.
IT also added multi-factor authentication (MFA) for enhanced security. Reneau no longer worries about ex-employees having lingering access to company data. “Okta has really helped us be more compliant with federal regulations,” he says. “With our provisioning workflow, it’s almost impossible to have a miss now. We’ve put our house in order.”
A client-facing challenge
Internal identity management was only the beginning for Bazaarvoice. The company continued to grow quickly, and today, they have more than 6,000 clients in 80 countries. Bazaarvoice acquired more solutions, more client apps and, along with those apps, more client credentials. Each new technology came with its own full stack, so that eventually Bazaarvoice owned many technology silos that didn’t connect to each other.
Senior product manager Michel Mongeau estimates that the 75,000 client accounts the company currently manages represent only about ten or twelve thousand individual client users. Every time a user decides to try a new Bazaarvoice service, she is asked to set up a new account—so one person can end up with five or ten different Bazaarvoice passwords. It’s certainly a testament to the value that clients place on Bazaarvoice services—but not exactly the ideal situation.
Mongeau is charged with consolidating all those credentials into a single profile so that when clients log in they’re recognized throughout the Bazaarvoice ecosystem. While client usability is a significant driver of the consolidation initiative, there are internal reasons, as well.
“Part of the challenge is communicating with clients effectively,” says Mongeau. “If you have 12 accounts representing yourself across our systems, we have potentially 12 different ways to communicate with you.” Bazaarvoice marketers need to make sure that, rather than spamming clients with 12 disconnected emails, they understand clearly how clients are using Bazaarvoice services. With a single view of each client, marketing could send messages that would be more relevant and valuable.
Another driver is security, and compliance with regional data storage regulations. Personally identifiable information needs to be stored in the same region as the person it belongs to, says Mongeau. “We set up regional clusters to make sure that we respect those laws.”
But storing and managing a growing amount of client and client-customer data with disparate systems in place is an increasingly complex endeavor. Bazaarvoice needs to be able to set account rules globally across those systems, while allowing flexibility for different clients. “Somebody who is in a financial institution, or a pharmaceutical, will require a different level of security than a retailer,” says Mongeau.
Evaluating the options
Mongeau is building an identity and authentication platform that every Bazaarvoice application developer can use—tying the company together through a centralized set of API-enabled services. That way, developers won’t be reinventing the wheel every time they set out to build another client application.
He and his team were familiar with Okta because the company was already using it internally, but they wanted to conduct a thorough evaluation of all the options. They looked at other identity management services, as well as open source solutions.
“When we started looking at solutions to centralize identities, we wanted to make sure we hit a few key features and functionality,” says Mongeau. “One was the security of the data. For us, security is paramount.”
They needed to make sure that personally identifiable information would be kept secure from unauthorized access, but available when required by clients or customers. “Availability was number two, but only because security is always number one,” says Mongeau. “When a client needs a piece of data, or they find out that a certain review creates a liability issue, we need to make sure they can access the system.”
What was number three for Bazaarvoice? Scalability. “We need to make sure that as we grow our business—as we go from 10,000 users to, say, 40,000—that the system that is managing our identities can support that,” says Mongeau.
The team tackled the identity management provider decision from both a business and developer perspective, he says. “We wanted to make sure that developers felt comfortable with the technology—that it was scalable enough, that the coding, the standards all made sense to them—but also from a business perspective, the requirements were met.”
Okta was the only solution that made the cut. “There was one competitor that stood out,” says Mongeau, but they didn’t rise to Okta’s level. “The alternative was to build it ourselves through an open source solution,” he says, but the time to market would have been much longer.
“Essentially, it’s a buy versus build situation,” he says. “For us, it made sense [to go with Okta] because we could keep our R&D around the development of consumer-generated content. Bazaarvoice’s core business is not identity management.”
The first line of defense for authentic, consumer-generated content
Essentially, Bazaarvoice is extending their internal identity platform to external clients. “We are using Universal Directory to store and define user attributes,” says Mongeau. Bazaarvoice also relies on Okta for user authentication, and is implementing multi-factor authentication as an option. “At Bazaarvoice, authenticity is one of our pillars. Because we are exchanging data between consumers, brands, and retailers, we need to ensure that that data is as real as possible.”
In the world of consumer-generated content, it’s critical that published content represents real consumer sentiment. To that end, Bazaarvoice employs moderators to ensure that every piece of content is read and evaluated for authenticity. Okta provides a first line of defense for those moderators, making sure that everyone accessing the system is who they say they are.
The value goes beyond client and consumer confidence. “Ultimately, what is really cool about Okta is that we have been able to connect our internal users with our external applications,” says Mongeau. Bazaarvoice employees can now access client insights, generate client reports, and send out client email alerts from the same portal they use to log into Workday or Concur.
A flexible, client-driven future
As Bazaarvoice onboards client users onto the newly connected apps, the IT team is looking at Okta’s inbound federation capabilities, which could allow clients to sign in with their own identity provider. Federation would simplify user management for clients, says Mongeau, and allow Bazaarvoice to step away from user authentication and data storage responsibilities—at least when it comes to the 590M+ consumers that touch the company’s apps every month.
The team looks forward to increased flexibility in how clients can implement features, such as multi-factor authentication or mobile access. “We definitely plan to leverage Okta’s new functionality as it comes out,” says Mongeau. “Deploying it will ensure that we can keep clients satisfied.”
Satisfied clients, as we all know—that’s why we’re here in the first place.
About Bazaarvoice
The Bazaarvoice shopper network connects more than 590M+ consumers every month to thousands of retailers and brands. Bazaarvoice clients engage consumers online, in-store, and via mobile devices with industry-leading solutions that include targeted advertising and authentic consumer-generated content, such as ratings and reviews, curated photos, social posts, and videos.