Modern IT for today’s workplace health and safety
As Australia’s national authority for workplace health and safety, Comcare is responsible for ensuring healthy workplace environments and for helping injured workers get back to work in a timely manner.
Comcare has a broad and important mandate that requires secure and accessible IT infrastructure for users who are dispersed across the country.
In 2018, Comcare determined it was time to eliminate on-premise data storage and software and embark on a major IT modernization project.
“We want all our on-premise infrastructure to be relocated or repurposed to the cloud,” says Peter Hinchley, solutions architect with Comcare. “Our team is responsible for working through all of Comcare’s on-premise systems, and migrating them, one by one, to SaaS products. Hopefully in another two to three years, we'll be able to turn off the last piece of equipment that we manage ourselves and be entirely cloud-based.”
To support the migration, Comcare recognized it needed two foundational pieces of technology: an identity and access management system and an API management system.
“There were always different ideas around what solving identity and access management meant and that complicated our business requirements process.”
Centralized identity for users and employees
While evaluating various available products, though, Hinchley and his colleagues were able to clarify exactly what technology Comcare required to move its transformation forward, and why. That included a web interface for their cloud management system that would offer better visibility and secure, streamlined identity management.
“As we moved applications to the cloud, one by one, we didn’t want our employees to have to log in to each of those systems, like they were little islands,” Hinchley says. “We really wanted a centralized identity point to enable things like single sign-on. And when employees leave, we wanted to have one spot that we could decommission from.”
At that point, Comcare had three types of identities in their Active Directory environment: full-time employees, contractors, and external users. Each was managed by a different set of policies and permissions, which made it difficult to deprovision individuals when they were on leave or left their position, and this opened the door for potential security risks.
“The problem was that all those disconnected identity stores meant we did not have visibility into the systems that users were accessing. We had to hope that people remembered to clean up their systems and transfer access before leaving. It just wasn’t scalable,” Hinchley says.
A secure user experience for all with Okta
As Comcare’s specific IT needs became clearer, so did additional use cases that would take advantage of solutions like user authentication and multi-factor authentication. “We thought about Comcare’s staff and how they were going to access services in a fast-paced world,” Hinchley says. “How staff were going to access the services we provide, and how other members of the public were going to engage with Comcare. Ultimately, we needed a centralized identity source to manage all those pieces. And it had to be secure.”
The Okta Identity Solution is ideal for Comcare, in part because it integrates easily, through the Okta Integration Network, with many of the applications Comcare was using. Okta offered all the workforce identity solutions Comcare was looking for, including Okta’s Single Sign-On, Adaptive Multi-Factor Authentication (AMFA), Universal Directory, Lifecycle Management (LCM), and API Access Management. Comcare also procured a number of Okta’s customer identity and access management (CIAM) solutions, including Adaptive MFA, LCM, and Okta’s core CIAM platform.
Easy implementation, smooth rollout
Once Comcare decided to move forward with Okta, implementation came quickly. The first thing Comcare did was synchronize identities into Okta. “With the Active Directory connector, we were able to enable Okta Single Sign-On and integrate it with the front end of our web-based claims management system.”
With the core platform implemented, Comcare turned to risk-based authentication using Okta’s Adaptive Multi-Factor Authentication. Technical staff now use two-factor authentication to log in to secure admin workstations before accessing IT resources. This ultimately improves Comcare’s security posture and audit readiness.
“After that came a few weeks of tweaks and customizations, but standing up the core product and confirming it was functional really only took a week.”
Those tweaks and tests involved setting up Multi-Factor Authentication, refining sign-in policies, and implementing consistent branding. With the Okta foundation set up, Comcare was ready to undertake its first major Okta integration: Office 365.
Comcare’s cloud services team did the technical work but, because it was their first big software migration using Okta, they hired Okta Professional Services for about 40 hours to validate their approach.
“It was more for our risk comfort,” Hinchley says. “Okta looked at our plan and said, yup, that's going to make sense and that should be fine. It all went remarkably well. No issues.” Hinchley also turned to Okta Professional Services to proactively confirm their plans would align with Okta’s capabilities.
Enabling full visibility
From there, integrating other apps—including the Comcare HR system—with the Okta platform has gone smoothly, each taking a day or so to implement, test, and document.
“We have had little bursts of activity around different initiatives, but over the last couple months, it's really just been as new applications have come on board, or as we've moved something from on-prem to the cloud, we go through the process of integrating with Okta and it's usually very straightforward. The entire process to set up, test, document, and roll out a new application to our end users now only takes about a day,” says Hinchley.
Currently, all staff have an Okta account. Through that single login, they can securely access Office 365, the Comcare HR and finance systems, the Comcare internet and intranet sites, campaign mailing software, and other applications from any device, anywhere.
Having an integrated system means Comcare’s security operations center can monitor Okta logs—along with any other IT logins—through a single pane of glass. Any anomalous activity is identified and raises an alert.
Reliable and stable identity management
Through the fast-paced IT changes of the past year, Okta has been a constant source of reliability and stability.
“Okta just kind of gets out of the way and does its job,” Hinchley says. “With Okta we’ve had no availability issues since moving our services to the cloud.”
Foundation
Currently, Comcare’s Okta-powered services are primarily used by internal workers and a small group of external users, including workplace rehabilitation providers. The next big task will be to extend it further out for external users who need to access Comcare services.
“We’re looking forward to working with Okta to build an identity flow and step-up authentication process whereby people have to provide additional information based on the services that they're accessing for verification of who they are.”
About Comcare
Comcare is Australia’s national authority for workplace health and safety, and workers’ compensation. The organization is responsible for implementing the government’s policies in federal workplaces to drive social inclusion and productivity.