Reform reinforces its security technology with Okta
minutes to onboard new staff, reduced from half a day
apps integrated with Okta SS0, MFA and LCM
hours of productive time saved each month by reducing MFA prompts
- Reforming kitchen design and delivery
- Adding functionality, features and flexibility
- Simplifying and automating processes
- Protecting data while improving user experience
- Looking to the future
Kitchen manufacturer Reform began life in Copenhagen in 2014 and has rapidly grown to become a global brand, with showrooms across Europe and the U.S. and more than 230 staff. With that growth came challenges, particularly when it came to the technology used in-house, and Reform has now pivoted to an agile, cloud-first approach to reduce internal inefficiencies.
Reform was looking to improve its security measures but needed a solution that offered the functionality, features, and flexibility they required to grow their business without having a negative impact on their employees’ daily work. Okta’s adaptability, including its native integration with numerous apps - such as Jamf Pro and Connect, which Reform selected for mobile device management - was a key attraction for the company.
Okta associate and Apple device management expert dataJAR worked with Reform to help it select the right products for its needs, including Okta for the IAM component of its IT infrastructure, deploying SS0, MFA and LCM across 31 regularly used applications. This enabled the company to simplify and automate many of its previously time-intensive and inefficient processes.
Reform is now protected against the possibility of data leaks, including through the reuse of passwords that may already have been compromised in external accounts, using the Okta Verify app for MFA confirmation. Using contextual MFA has also reduced the number of times colleagues are prompted by push notifications, leading to increased productivity and a better experience for end-users.
Things have already changed dramatically for Reform, with the company now able to ship a computer to an employee anywhere in the world and have them up and running in minutes. And the team already has a number of ideas for projects it would like to implement in the near future, including further boosting automation and security measures.
We wanted to leverage technology to improve and secure our customer and employee experience, and to be able to create efficiencies that enabled us to scale our sales. The truth is, with such a small IT team, we wouldn't have been able to grow this quickly if it wasn't for Okta.
Erik Stromblad, IT Manager, Reform
Managing the demands of a growing business can be difficult, particularly when it comes to an expanding workforce. Global kitchen manufacturer Reform began life in Copenhagen, Denmark, in 2014. Since then it has rapidly scaled up to become an international brand offering worldwide delivery, with showrooms across Europe and the U.S. Reform collaborates with internationally acclaimed architects and designers to create modern kitchen spaces that meet the needs of the 2020s, and beyond.
Reform has built an agile, cloud-first approach to the technology it uses in-house. Spearheading these efforts is Erik Stromblad, IT Manager at Reform. When Erik joined Reform in November 2020, the company was using spreadsheets and CSVs to manage its identity and access management (IAM) situation manually, across siloed apps and systems. Reform wanted to integrate and automate these processes while implementing a single source of truth. It also needed to utilise mobile device management (MDM) for zero-touch enrollment for colleagues in offices around the world.
Reform turned to Apple device management experts and long-time Okta associates dataJAR, who recommended Okta as the key solution that could help the company achieve these goals. “We wanted to leverage technology to improve and secure our customer and employee experience,” explains Erik, “and to be able to create efficiencies that enabled us to scale our sales. The truth is, with such a small IT team, we wouldn't have been able to grow this quickly if it wasn't for Okta.”
Getting up and running with the help of dataJAR
Reform evaluated a number of solutions on the market and considered whether an integrated IAM and MDM platform might work. The options available, however, didn’t offer the functionality, features and flexibility that Reform needed, including remote wiping and locking down of devices. Reform worked with dataJAR to select the right products for its needs, including Okta for the IAM component of its IT infrastructure.
This decision was partly taken as Okta easily integrates with Jamf Connect, which Reform uses for the MDM component. Reform employees primarily use Apple MacBook and mobile devices. dataJAR was also able to help Reform during its Okta implementation process, with the help of Ignition Technology, who trained Erik on the key features of Okta and helped him with the initial setup process. “Working with dataJAR was a really big advantage for us,” Erik adds. “I think the whole process would have been much harder without them. We have a really great relationship with them, they offered us a really great price, and their Okta, Apple and Jamf expertise have helped us a lot.”
Adopting Single Sign-On for a seamless user experience
Reform adopted a staged approach to its Okta implementation, first rolling out Single Sign-On (SSO) - department by department - to a handful of apps. Once they approached 100% activation, Erik began to implement Jamf Connect. When both systems were set up, Erik added further apps. Today, all of the commonly used apps at Reform, 31 in total, are integrated with Okta SS0.
Okta SSO has brought a number of benefits to Reform. For Erik and the IT Team, it means they can rest assured that accounts are secure and password resets can be handled easily. In terms of the user experience for its employees, signing on is now a simple and convenient process. Prior to Okta, staff had separate accounts for the various apps they used, including usernames and passwords to remember. Okta has pre-built connectors for the majority of the apps that Reform employees use regularly, including Adobe, Dropbox, Google Workspace, Hubspot, Jamf Connect, and Microsoft Intune and O365. And Erik says that the flexibility Okta offers for adding apps that don’t come pre-integrated is also invaluable.
Boosting security with Adaptive Multi-Factor Authentication
A key component in Reform’s account security measures is Adaptive Multi-Factor Authentication (MFA). Before moving to Okta, certain apps - such as Google Workspace - did offer two-factor or multi-factor authentication for additional security, but this wasn’t something Reform was able to properly enforce. Now, with MFA, Erik and the team know that accounts are effectively secured, without additional disruption for employees.
In terms of additional verification, Reform favours Okta Verify, enabling colleagues to confirm their identity on their mobile devices when prompted by a push notification from the app. That means Reform is protected against the possibility of data leaks, including through the reuse of passwords that may already have been compromised in external accounts. It also means that Erik and the team can quickly help colleagues if they ever lose their devices. “For us, it's all about the security,” says Erik. “MFA offers that extra layer and Verify makes it super easy for our users to confirm their identity and keep our data safe. But, let’s not forget, we’re a kitchen company rather than Fort Knox, so we use contextual MFA to take the hassle out of the process as much as possible. That means if a user spends the week in the office, they’re only going to be prompted by Verify once during that period, but if they’re out and about, it’s going to happen a bit more frequently.”
And, as a growing business, there’s real value to Reform in minimising the number of times users are prompted to confirm their identity through MFA, beyond the frustration for staff. Each prompt is productive time that’s lost, taking around 45 seconds on average to address. With contextual MFA, that’s 45 seconds lost once a week, rather than four times per day, which Erik estimates would be the case otherwise. That might not sound like much for a single employee, but as a company with 275 users, a number that’s steadily increasing, that’s 297 hours of productive time saved each month across the company, simply by reducing MFA prompts.
Automating manual tasks with Lifecycle Management
For the IT team, the situation prior to Okta also meant that provisioning and de-provisioning users were also a challenge. For provisioning, this involved a helpdesk admin spending anywhere from 30 minutes to 2 hours on account creation alone, let alone setting up access to individual apps and other time-intensive tasks, which could take anywhere between 5 and 20 minutes depending on the permissions needed. For de-provisioning, that required HR informing IT that a person has left. But, with around 70 different systems running at that time, that would have taken around a day of work to check manually, something Erik and the team simply didn’t have the time to do.
Erik has now automated many of these processes using Lifecycle Management, in conjunction with the Hibob people management platform. When a new starter joins the company and is added to the system by HR, or is removed at the time of their leaving, access to any of the company’s 31 regularly used apps that they need for their role is granted or revoked automatically. As a result, Reform has been able to keep a much closer eye on licensing. Previously, de-provisioning of an app account required manual notification from a line manager, whose focus is likely to be on selling products, rather than account permissions. Now, Erik and the team have complete oversight and have uncovered multiple instances of unneeded licences. With individual licences costing in the high hundreds or even thousands of dollars per year, that’s a financial saving that can quickly add up. “We’ve managed to clean up quite a few accounts thanks to LCM,” Erik adds. “We didn’t really have a lot of control over this in the past, but Okta gives us a great overview. And when it comes to tasks for apps where we don’t have a SCIM connector, it’s a lifesaver.”
Reforming the future with the help of Okta
Reform is just at the beginning of its journey with Okta, yet things have changed quickly. Today the company can ship a MacBook to an employee anywhere in the world and have them up and running in minutes. That’s a big difference from the past, Erik says. He adds: “When we get a new starter, their manager will send them a computer and tell them ‘this is your username and your one-time password to open it up.’ Everything is pre-installed, they just change their password, set up MFA and log into the Okta dashboard, and all their apps are just there. It’s reduced a process that used to take half a day, with lots of calls to managers, to around maybe 15 or 20 minutes.”
And Erik already has a number of ideas for more projects he’d like to implement in the near future. Among them is using Okta Workflows to further automate tasks that are currently managed manually, including some that will further reduce unnecessary licences and apps. Erik is also hoping to set up RADIUS with Okta to improve network security.