Reform reinforces its security technology with Okta

15

minutes to onboard new staff, reduced from half a day

31

apps integrated with Okta SS0, MFA and LCM

297

hours of productive time saved each month by reducing MFA prompts

Managing the demands of a growing business can be difficult, particularly when it comes to an expanding workforce. Global kitchen manufacturer Reform began life in Copenhagen, Denmark, in 2014. Since then it has rapidly scaled up to become an international brand offering worldwide delivery, with showrooms across Europe and the U.S. Reform collaborates with internationally acclaimed architects and designers to create modern kitchen spaces that meet the needs of the 2020s, and beyond. 

Reform has built an agile, cloud-first approach to the technology it uses in-house. Spearheading these efforts is Erik Stromblad, IT Manager at Reform. When Erik joined Reform in November 2020, the company was using spreadsheets and CSVs to manage its identity and access management (IAM) situation manually, across siloed apps and systems. Reform wanted to integrate and automate these processes while implementing a single source of truth. It also needed to utilise mobile device management (MDM) for zero-touch enrollment for colleagues in offices around the world. 

Reform turned to Apple device management experts and long-time Okta associates dataJAR, who recommended Okta as the key solution that could help the company achieve these goals. “We wanted to leverage technology to improve and secure our customer and employee experience,” explains Erik, “and to be able to create efficiencies that enabled us to scale our sales. The truth is, with such a small IT team, we wouldn't have been able to grow this quickly if it wasn't for Okta.”

"We wanted to leverage technology to improve and secure our customer and employee experience, and to be able to create efficiencies that enabled us to scale our sales. The truth is, with such a small IT team, we wouldn't have been able to grow this quickly if it wasn't for Okta."

Erik Stromblad,

IT Manager, Reform

photo presenting a designer interior arrangement

Getting up and running with the help of dataJAR

Reform evaluated a number of solutions on the market and considered whether an integrated IAM and MDM platform might work. The options available, however, didn’t offer the functionality, features and flexibility that Reform needed, including remote wiping and locking down of devices. Reform worked with dataJAR to select the right products for its needs, including Okta for the IAM component of its IT infrastructure. 

This decision was partly taken as Okta easily integrates with Jamf Connect, which Reform uses for the MDM component. Reform employees primarily use Apple MacBook and mobile devices. dataJAR was also able to help Reform during its Okta implementation process, with the help of Ignition Technology, who trained Erik on the key features of Okta and helped him with the initial setup process. “Working with dataJAR was a really big advantage for us,” Erik adds. “I think the whole process would have been much harder without them. We have a really great relationship with them, they offered us a really great price, and their Okta, Apple and Jamf expertise have helped us a lot.”

Adopting Single Sign-On for a seamless user experience 

Reform adopted a staged approach to its Okta implementation, first rolling out Single Sign-On (SSO) - department by department - to a handful of apps. Once they approached 100% activation, Erik began to implement Jamf Connect. When both systems were set up, Erik added further apps. Today, all of the commonly used apps at Reform, 31 in total, are integrated with Okta SS0. 

Okta SSO has brought a number of benefits to Reform. For Erik and the IT Team, it means they can rest assured that accounts are secure and password resets can be handled easily. In terms of the user experience for its employees, signing on is now a simple and convenient process. Prior to Okta, staff had separate accounts for the various apps they used, including usernames and passwords to remember. Okta has pre-built connectors for the majority of the apps that Reform employees use regularly, including Adobe, Dropbox, Google Workspace, Hubspot, Jamf Connect, and Microsoft Intune and O365. And Erik says that the flexibility Okta offers for adding apps that don’t come pre-integrated is also invaluable.

Boosting security with Adaptive Multi-Factor Authentication

A key component in Reform’s account security measures is Adaptive Multi-Factor Authentication (MFA). Before moving to Okta, certain apps - such as Google Workspace - did offer two-factor or multi-factor authentication for additional security, but this wasn’t something Reform was able to properly enforce. Now, with MFA, Erik and the team know that accounts are effectively secured, without additional disruption for employees. 

In terms of additional verification, Reform favours Okta Verify, enabling colleagues to confirm their identity on their mobile devices when prompted by a push notification from the app. That means Reform is protected against the possibility of data leaks, including through the reuse of passwords that may already have been compromised in external accounts. It also means that Erik and the team can quickly help colleagues if they ever lose their devices. “For us, it's all about the security,” says Erik. “MFA offers that extra layer and Verify makes it super easy for our users to confirm their identity and keep our data safe. But, let’s not forget, we’re a kitchen company rather than Fort Knox, so we use contextual MFA to take the hassle out of the process as much as possible. That means if a user spends the week in the office, they’re only going to be prompted by Verify once during that period, but if they’re out and about, it’s going to happen a bit more frequently.”

And, as a growing business, there’s real value to Reform in minimising the number of times users are prompted to confirm their identity through MFA, beyond the frustration for staff. Each prompt is productive time that’s lost, taking around 45 seconds on average to address. With contextual MFA, that’s 45 seconds lost once a week, rather than four times per day, which Erik estimates would be the case otherwise. That might not sound like much for a single employee, but as a company with 275 users, a number that’s steadily increasing, that’s 297 hours of productive time saved each month across the company, simply by reducing MFA prompts.

Automating manual tasks with Lifecycle Management 

For the IT team, the situation prior to Okta also meant that provisioning and de-provisioning users were also a challenge. For provisioning, this involved a helpdesk admin spending anywhere from 30 minutes to 2 hours on account creation alone, let alone setting up access to individual apps and other time-intensive tasks, which could take anywhere between 5 and 20 minutes depending on the permissions needed. For de-provisioning, that required HR informing IT that a person has left. But, with around 70 different systems running at that time, that would have taken around a day of work to check manually, something Erik and the team simply didn’t have the time to do.

Erik has now automated many of these processes using Lifecycle Management, in conjunction with the Hibob people management platform. When a new starter joins the company and is added to the system by HR, or is removed at the time of their leaving, access to any of the company’s 31 regularly used apps that they need for their role is granted or revoked automatically. As a result, Reform has been able to keep a much closer eye on licensing. Previously, de-provisioning of an app account required manual notification from a line manager, whose focus is likely to be on selling products, rather than account permissions. Now, Erik and the team have complete oversight and have uncovered multiple instances of unneeded licences. With individual licences costing in the high hundreds or even thousands of dollars per year, that’s a financial saving that can quickly add up. “We’ve managed to clean up quite a few accounts thanks to LCM,” Erik adds. “We didn’t really have a lot of control over this in the past, but Okta gives us a great overview. And when it comes to tasks for apps where we don’t have a SCIM connector, it’s a lifesaver.”

Reforming the future with the help of Okta

Reform is just at the beginning of its journey with Okta, yet things have changed quickly. Today the company can ship a MacBook to an employee anywhere in the world and have them up and running in minutes. That’s a big difference from the past, Erik says. He adds: “When we get a new starter, their manager will send them a computer and tell them ‘this is your username and your one-time password to open it up.’ Everything is pre-installed, they just change their password, set up MFA and log into the Okta dashboard, and all their apps are just there. It’s reduced a process that used to take half a day, with lots of calls to managers, to around maybe 15 or 20 minutes.”

And Erik already has a number of ideas for more projects he’d like to implement in the near future. Among them is using Okta Workflows to further automate tasks that are currently managed manually, including some that will further reduce unnecessary licences and apps. Erik is also hoping to set up RADIUS with Okta to improve network security.

Continue your Identity journey

Get hands on with the free trial today, or get in touch with our team to discuss your unique needs.