BizReach seamlessly migrates over 1 million users to Okta
users seamlessly migrated to Okta authentication infrastructure
to complete migration with a 3-person engineer team
reduction in the cost of implementation and operation compared to proprietary development
“We compared and contrasted a number of products, but we chose Okta because it had the most extensive user migration functionality and because we were concerned that existing users would not be logged out during the migration process. We also evaluated security, availability, and support, and made an overall decision”
Mr. Shintaro Kikuchi, Head of Platform Development Dept. Recruiting Product Division
Strengthening management foundation to realize a “Career Infrastructure”
BizReach, headquartered in Shibuya-ku, Tokyo, operates a variety of IT-based services in the HR Tech domain, under the mission of "Bringing choice and possibility to your career”.
In an era of drastic changes in the social structure and labor market, where the conventional wisdom of how to work no longer applies, BizReach strives to achieve a vision of becoming a "Career Infrastructure".
“The Platform Development Department, established within the Recruiting Product Division, is responsible for the development of BizReach products. The Platform Development Department does not directly develop products for customers, but rather strengthens the functions and infrastructure necessary for product development in order to realize the career infrastructure in the future," said Shintaro Kikuchi, Head of the Platform Development Department of the Recruiting Product Division.
“In the age where people routinely live to 100 years old, it will be commonplace for people to change jobs many times. Many people will continue to face their careers at all phases, from new graduates to young, mid-career, and veteran professionals. As a "career infrastructure," BizReach aims to develop services that accompany such individual careers in a variety of fields. “Specifically, we anticipate that the scope of career changes will expand in the future, and the needs of both job seekers and employers will become more fragmented. We will continue to improve the quality of each function as a matching platform, for example, in terms of search and recommendation accuracy, to accelerate our business”, said Kikuchi.
Why adopt Okta instead of developing an in-house solution
While steadily improving and strengthening the management infrastructure, the Platform Development Department was quick to start work on the renewal of the authentication platform for the BizReach product. The product platform consists of B2C (members who are job seekers) and B2B (recruiting companies) platforms. Okta Customer Identity Cloud, powered by Auth0, was adopted as the authentication infrastructure for the B2C platform. There were three main objectives:
The first was to enable users to use services across the platform with a single account and password. Each of the company's products, including BizReach, has a different business phase and business model. In the early stages of release, priority was given to making each business viable, so authentication functions were developed independently for each product. For example, to use multiple products, users had to register for each one. However, in anticipation of developing a variety of services in the future, the company emphasized that users should be able to use services across the platform with a single account and password.
“We wanted to integrate our authentication infrastructure with Okta and create an environment where customers can conveniently use services across the platform with a single sign-on,” said Kikuchi.
The second goal was to reduce the cost of implementing and operating authentication functions when building new services. “Since authentication and authorization require a high level of expertise, if we were to develop our own authentication and authorization system, we would have to continue to hire engineers for this purpose, which could lead to high operational costs” said Kikuchi.
“The authentication/authorization mechanism is very complex, and security is also a major concern. If a leak of confidential or personal information were to occur, the company's foundation could be shaken. For this reason, when developing an authentication system on your own, you must constantly assign excellent engineers to the system, but it is becoming more and more difficult to secure excellent engineers in Japan every year. We are faced with the investment decision of whether to include the cost of implementing and operating the authentication infrastructure as a personnel cost or as a software cost through a service like Okta. The core domain of our business is not authentication, but matching. Therefore, we wanted to concentrate the resources of our excellent software engineers there," said Kikuchi.
The third objective was to centrally manage passwords and other confidential information to reduce the risk of leakage and unauthorized use. Developing authentication functions independently for each product increases the security risk, and security measures must also be taken individually. “Given this, we decided that centralized management using Okta, offering a variety of security functions and a solid system to ensure safety, was a more appropriate response to security risks,” said Kikuchi.
“Learning cost is another reason why we chose Okta. Once the authentication function is developed, there is much to do after that. The person who developed it has the knowledge and experience, but if another engineer is responsible for maintenance and operation, he or she may not have the knowledge and experience, so there is a new learning cost,” said Ryohei Yamamoto, Platform Development Department, Recruiting Product Division.
Okta's extensive user migration capabilities reduce man-hours
Against this background, the Platform Development Department launched an authentication infrastructure project team around August 2021 to start the migration to Okta. In the actual migration process, the most important thing for the team was to prevent existing users from being logged out.
At the time of migration, the BizReach product was one of the largest job search services in Japan, with more than 1 million members (2.27 million as of the end of October 2023) who could be scouted, and a considerable number of monthly users. In the transition to a new authentication platform, forcing users to log out could lead to a large number of users not being able to continue using the service.
“Unlike B2B services, where logging in with an email address and password is customary, B2C services are more prone to forgotten passwords due to customers not logging in frequently. Once a customer forgets their password, they may leave the service without logging in again. In the past, when migrating existing users to a new authentication infrastructure for a B2C service, we had to log out all users once, and many users did not return to the service. Because of this failure, we had to ensure that existing users would not be logged out during the migration this time,” said Yamamoto.
The Platform Development Department turned to Okta’s numerous migration functions. Specifically, the migration to Okta was divided into two phases, "individual migration of active users" and "batch migration of other (inactive) users. The Automatic Migration function of Okta was used for "individual migration of active users" who have newly registered and logged in to BizReach. By writing a script file named Custom Database Action Script, user data was migrated in conjunction with the company's service APIs and databases.
“When a user logs in with their email address and password, the user information is retrieved from the Okta user database, and if the data does not exist, the user information is retrieved from the existing BizReach user database using our own script. If there is information in the user database, it is automatically registered in the Okta user database with a BizReach ID to complete the migration," said Yamamoto.
While the automatic migration function is only available for logins using email addresses and passwords and not for socially connected users, Okta’s Social Logins function can be used to connect to various social services. When a user logs in to a social service, the information is first registered in the Okta user database. Then, using Okta’s Actions (fka Rules) function, the social service user ID is added to the user's ID token and linked to the existing BizReach user database, and the BizReach user's ID is sent to the target user using the Management API is used to grant the user IDs.
On the other hand, for the batch migration of other (inactive) users, BizReach used the batch import functionality provided by Okta. Specifically, the data to be migrated was obtained from BizReach's user database, and a JSON file defining user information was created, which was then batch-migrated to the Okta user database using the Management API.
While it is said that there are many difficulties in migrating the authentication functions of existing services, by skillfully utilizing Okta’s functions, the migration was successfully completed without logging out any of BizReach’s one million users.
“Some of our customers may have noticed the change in the login screen, but they were able to use the BizReach service as before without being particularly conscious of it. The fact that no customers have left the service due to logout since the transition to the new authentication platform is a great achievement,” said Kikuchi.
The actual migration took about eight months, with approximately one month for technical verification, six months for design and development, and one month for testing. The process was handled by three engineers in the Platform Department.
“The basic migration work was done quickly, but it took some time to migrate users who were not using the standard login/authentication flow, such as social networking users and users registered with non-RFC compliant email addresses. In our case, this was a rare case because we introduced the system to a product that had been in operation for more than 10 years, but if it is a new service or a service with a short history, I think the migration can be done in about one to two months," said Kikuchi.
Although it is not possible to make an exact comparison with the original development, Kikuchi says that development staff-hours were cut in half. “If we had developed the system ourselves with three people, we would have had to incur development and verification costs for security functions that are currently secured by Okta, which would have required more human resources and extended the development schedule. Considering this, Okta may have contributed to a reduction of more than 50%. Another major benefit is that the time saved can be allocated to other system development," says Kikuchi.
Security, availability, and support were also key factors in Okta's selection.
Why did the Platform Development Department choose Okta among the various cloud-based authentication, authorization, management, and access control services available?
“We compared and contrasted a variety of products, but we chose Okta because it had the most extensive user migration functionality, and we were concerned that existing users would not be logged out during the migration. We also evaluated security, availability, and support, and made an overall decision,” said Kikuchi
In terms of security, BizReach found Okta to be superior in the abundance of authentication methods, such as multi-factor authentication (MFA) and passkeys, and in its speed in keeping up with the latest authentication functions.
“When you develop your own systems, you have to worry about the long lead times required to respond to new security threats. In this regard, Okta is equipped with a variety of security functions, such as brute force attack protection and rogue IP detection, which we had developed on our own, so there is no need for us to develop and operate the system ourselves. In addition, cyber attacks are becoming more sophisticated and diverse every year, and it is very costly for an ordinary business company like ours to keep up with them. Although we have our own security office, we are required to deal with various security issues other than authentication,” said Kikuchi
Regarding availability, Okta "runs on Amazon Web Services (AWS), which we also use for our own products… guarantees a 99.99% availability rate in its SLA, which was the highest among the products we compared… and performs 98% of authentication requests in 500ms,” said Yamamoto. Latency had been a key priority for the BizReach team. In terms of support, the most important factors for Yamamoto were "the quick and accurate response time when we contacted support" and "the documentation on various use cases and best practices for using specific APIs.”
“If such resources are not available, you may unknowingly use the system in a way that degrades performance, or you may need to contact support because you don't know the cause of the problem. Engineers are most happy when they can immediately solve the problem themselves by referring to the documentation, without spending time on inquiries as much as possible”, says Yamamoto.
Yamamoto also indicated that another benefit of Okta was that the team was able to respond to user inquiries more smoothly after migration and easily identify the cause using dashboards and event logs. In addition, the Platform Development Department created a unique management screen for the Customer Support Department, which is directly responsible for customer service, so that customer inquiries can be completed within the Customer Support Department.
“We created an administration screen that was formed so that non-engineers could also check the event logs of Okta by acquiring them via API. This allows our customer support staff to check the event logs against the customer's membership number or e-mail address, so that the customer's inquiry almost never comes to us, the engineers," says Yamamoto.
Keeping engineers focused on core business domains
Many companies may hesitate to implement a large-scale project such as the renewal of the authentication infrastructure for an existing service on a large scale like BizReach products, because of the large human and financial costs involved. However, the introduction of Okta by the Platform Development Department shows the company's proactive stance of investing from a medium- to long-term perspective, without being bound by short-term costs, as long as the investment is necessary for business growth.
“When considering business growth, one strategy would be to minimize costs by keeping investments low, since the company's profit is the top line of sales minus expenses. However, when it comes to authentication infrastructure, it is difficult to hire high-level engineers when considering security risks, so it is well worth investing in a product like Okta. In other words, it is a question of where to invest engineering resources. In order to provide value that has an impact on society, I believe that developers and management really want to focus their resources on core domains that create competitiveness in their business. We are in a situation where no matter how many development resources we have, they are not enough to realize our vision for ‘career infrastructure’, so we have decided that it is essential to invest in authentication infrastructure that is not in our core domain, considering medium- to long-term costs, in order to increase top-line sales while ensuring security," said Kikuchi.
As supported by these words, the Platform Development Department succeeded in laying the groundwork for the "realization of a career infrastructure" by quickly investing in the authentication infrastructure while improving and strengthening the management foundation.
“In the future, we will proactively incorporate functions to enable customers to use our products stress-free, such as strengthening user authentication by introducing MFA and supporting passkeys to increase user convenience,” said Kikuchi. In addition, the company intends to provide a more convenient matching platform by utilizing the customer base centrally managed by Okta when releasing new products. Finally, the company is looking to leverage the knowledge and experience gained through this implementation to expand the footprint of Okta to the B2B side of the business.
About Customer
With the mission of "giving people more choices and possibilities in their careers," BizReach has been operating a variety of Internet services to support the future of work since April 2009. In addition to its Tokyo headquarters, the company has offices in Osaka, Nagoya, Fukuoka, Shizuoka, and Hiroshima. The company operates "BizReach," a job search website that connects companies with talented professionals, the "HRMOS" series of human capital utilization platforms, and "BizReach Campus," a network service for visiting alumni.
BizReach
https://www.bizreach.jp/