Thanet District Council: delivering local government services during the pandemic with Okta

400 employees

able to work remotely during the pandemic

More than 70 applications

accessed in seconds with Single Sign-On

Time spent resolving MFA prompts

reduced from 3,333 to 113 hours a year saving £90,000 in resourcing

Integrating 3 core apps

with LCM saved one to three months of resource cost per app in integration time

  • 1
  • 2
  • 3
  • 4
  • 5
1

Thanet, a district council in the south-east of England with a population of 140,000, provides a highly diversified portfolio of services including housing, port regulation, parks maintenance, and town planning, among others. When the COVID-19 pandemic forced employees to work remotely, the council needed to ensure they could carry out their vital work as securely and effectively as possible.

2

Thanet District Council already used a number of cloud-based applications and a virtual desktop but identity and access management was fragmented and slowed down workers. After evaluating the leading identity providers, Thanet chose Okta for its ease of use, out of the box integrations and security credentials.

3

The council deployed Single Sign-On and Adaptive Multi-factor Authentication to reduce friction for workers while improving security standards. Meanwhile, integrating Universal Directory and Lifecycle Management with the council’s existing directory helped to automate provisioning and deprovisioning processes.

4

With Okta, council workers were able to serve the people of Thanet just as effectively working remotely as they would if they were in the office. Removing barriers to access also empowered workers to be more creative with the tools they had to hand and innovate new ways of connecting with citizens.

5

Moving to Okta didn’t just help Thanet District Council adapt to a pandemic. It helped change the way the council works in the present and in the future. A recent survey of employees found that more than 90% would prefer a hybridised way of working rather than returning to the office full-time. Meanwhile, the council continues to look for ways to modernise and build a truly digital end-to-end process for its workers.

I’m continually looking to improve the systems that our internal users work with. I wanted to make sure that working remotely, they could use everything just as well and just as securely as if they were in the office. For us, the best way of achieving that was with Okta.

Joe Brackenborough, Digital Transformation Manager, Thanet District Council

Benefits

  • Creates customised integrations with Okta in as little as 20 minutes
  • Enables 400 users to access 70 applications in seconds with Single Sign-On
  • Dispenses with the need for physical tokens and multiple passwords, allowing employees to focus on the work that matters
  • Automatically sets up new employees with the applications they need in a few minutes down from two weeks thanks to Lifecycle Management and Universal Directory
  • Empowers workers to use all the technological tools at their disposal to connect with the citizens of Thanet

For many people in the United Kingdom, their local council is how they interact with government. Local government can be a demanding world, filled with challenges of all kinds. Thanet, a district council in the south-east of the country with a population of 140,000, faces as diverse a set of challenges as they come.

"As a council, we deal with all kinds of things," says Joe Brackenborough, Digital Transformation Manager at Thanet District . "Everything from organising waste collection, to dealing with planning applications and supporting those at risk of homelessness. We’ve also got a port, the country’s only royal harbour, and we maintain the local parks. You would never diversify like this if you were a business."

However, while as a public body the council might not operate in the same way as a private company might, there are lessons that it has taken from the private sector. “Our mantra is to be the council that people would choose,” explains Joe. “Obviously as a local government organisation, there’s no commercial competition for what we do, but we treat the people of Thanet like customers. We ask them what they think of our services, what needs improving, and what they want to see more of.”

In 2020, the UK imposed lockdowns and social distancing measures to combat the spread of COVID-19. Working from home became the new normal for the staff of Thanet District Council, but their work was no less urgent. If anything, in a time of crisis the people of Thanet - especially the most vulnerable - relied on the council even more than normal.

When the pandemic hit, Thanet was better prepared than many local government organisations for working from home, as it was already using cloud-based Software-as-a-Service (SaaS) platforms for much of its work, but there was still a lot of friction for users. The solution lay with a dedicated, fully-featured Identity and Access Management platform and for that, Joe turned to Okta.

“I’m continually looking to improve the systems that our internal users work with,” says Joe. “I wanted to make sure that working remotely, they could use everything just as well and just as securely as if they were in the office. For us, the best way of achieving that was with Okta.”

Unique work with unique requirements

While they have to operate in wider areas than the private sector, councils often have to deal with more restrictions. Thanet, for example, has a hybridised IT system, in which it is in control of some of the platforms it uses while also sharing core services, such as a Human Resources platform and Information and Communication Technology (ICT) systems, with two neighbouring councils.

This means that Thanet District Council’s technological requirements are unique, requiring bespoke solutions and workarounds. Joe and his team had previously made good headway implementing cloud-based services like Google Workspace and Citrix, which helped workers to become more efficient. But with 90 applications in use and the need to integrate with shared HR and ICT platforms, simply accessing these applications was becoming harder and harder for workers.

Users had to maintain a multitude of passwords and often had to deal with outdated, needlessly restrictive identity management. One application asked users to generate alphanumeric, mixed case passwords of 14 characters, and then remember the position of individual characters. In order to log in, users would be asked to input, for example, the 5th, 7th and 12th characters of their password. The friction actually led to bad security practices, just so that people could access the tools they needed. Password resets were a huge burden, with 90 apps and therefore 90 complex passwords to reset across 400 users. Each reset took on average 15 minutes of IT time, taking up as much as 4,500 hours a year or roughly £100k of cost. “It was a nightmare. People were either constantly resetting their passwords or writing them down in ‘password books’,” says Joe.

The situation was made even more acute when the pandemic forced Thanet District Council staff to work remotely. While the move to SaaS applications actually made the transition much easier for  the council, the environment was not all it could be. Council workers were logging in via RSA-based physical tokens and still having problems finding the right password and username. Each council worker was doing two Multi-Factor Authentication (MFA) prompts a day with their hard token, taking roughly one minute to do each time. This added up, taking up as much as 3,333 hours of workforce time a year across the council. These also needed to be resynched every month and had minimum orders of 100, making them a huge administrative and cost burden for the IT team.“I just felt there had to be a better way of doing things,” says Joe. “We had this big drive to move to the cloud but we were being slowed down on the identity and access side of things.”

Okta's Adaptive MFA removed roughly two thirds of those prompts due to contextual access management, and of the remaining third, these took a few seconds to do with a push notification. Thanet Council was able to reduce the MFA burden to their employees from 3,333 hours by 3,220 hours a year that was worth roughly £90,000 of resource time.

Overcoming roadblocks with identity and access management

Joe and his team evaluated some of the leading providers of identity and access management platforms, but only Okta had the complete package for Thanet District Council.

“Okta felt like the right choice for us from day one,” says Joe. “It comes with tonnes of app integrations right out of the box and it looked and felt rock solid in terms of security. We also love the ethos that Okta has of continually releasing feature upgrades and improvements.”

As a test of Okta’s ease of use, Joe set up a trial environment to see how it would run without any help from the wider IT department. “I just wanted to see what I could do on my own,” he explains. “If it needs a whole lot of training to do basic things like add users or add applications, then it’s never going to work for us. As it was, I managed to get a lot of it up and running before we’d even bought the solution!”

Initially, Joe and his team planned to take advantage of Okta’s huge range of pre-built integrations, but quickly realised that they could also quickly and easily build their own for those apps Okta hadn’t already added to its market leading Integration Network. That way, they could adapt Okta around the unique requirements of each application. “It was all very quick for us. We didn’t take more than 20 minutes setting up the integrations for each custom app,” says Joe. “Some we did in seconds.”

One unique aspect of Thanet District Council’s IT system is that it has different standards to adhere to depending on whether it fully owns the platform or is sharing it with other councils. For example, due to the wider ICT protocols, some applications can only be accessed via Citrix virtual desktops or Google Workspace.

To accommodate these restrictions without hampering the user experience, Joe and his team deployed an innovative way of combining Okta’s Universal Directory and Lifecycle Management (LCM) with the existing directories. This way, they could gain a complete and up-to-date picture of the identity and access landscape as well as automating key processes like provisioning and de-provisioning employees without disrupting their partners in other councils.

Thanet Council has integrated three apps with LCM, they were all part of Okta's pre-built Okta Integration Network. These pre-built connectors saved the council roughly one to three months of resource cost per app of integration time. Automating Lifecycle Management for just these three core apps has saved 120 hours a year of IT effort across joiners, movers and leavers. Thanet Council has the ambition to bring more apps onto Okta and further reduce their manual provisioning costs.

And, it’s not just the existing employees who have benefitted from Okta. Previously, new hires had to request access for each individual application they needed and it would be about two weeks before they were fully up and running. This represented a huge amount of time an employee might be waiting for an app. Waiting two weeks to attain full productivity represented 4,800 hours of unproductive time across the council. With automatic provisioning on Okta, they are set up with the tools they need as soon as they start. “If the applications they want are on Okta, then we don’t touch it,” says Joe. “It’s all there for them. At most, we spend a couple of minutes just making sure they’ve got what they need.”

Okta’s Single Sign-On solution has been key for Thanet District Council workers who can now access 70 applications with a single username and password, reducing friction. Meanwhile using Okta’s Adaptive Multi-factor Authentication (MFA) means that connections stay secure whatever devices are being used, helping the council to move closer to adopting a zero trust model of security.

Saving time and improving security with Okta

Prior to going live with Okta, the Digital Transformation team sent out a series of internal emails and newsletters informing council workers of the new identity platform. Realising that overstretched staff had very little time to read detailed IT instructions, Joe demonstrated the simplicity of Okta’s platform with a series of simple before and after GIFs. The response was dramatic.

“When we went live, joining the platform was voluntary. We were shocked when nearly half the workforce signed up in the first week,” he says.

Less than a year later, around 90% of Thanet’s 400 employees have chosen to sign up with Okta.

“There’s usually a compromise,” says Joe. “When you make things more useable, you tend to lower the security. But with Single Sign-On and Adaptive MFA, we’ve managed to find that balance. Our security practices are so much better than they were before.”

Adapting to and overcoming new challenges with new solutions

The impact all of this has had on workers has been profound. As well as maintaining standards, moving to Okta has helped them expand on the work they do to help the people of Thanet. “I think it’s made them more comfortable with the full range of technological tools we have,” explains Joe. “We love getting feedback from customers but in the past we sent them PDFs or Word documents to print out and return. Now, because everything’s so easy to access, we’re more likely to send them Google Forms, which they can just fill out on their phones. Despite working remotely, in some ways we’re more accessible than before.”

As more of the UK becomes vaccinated and lockdown restrictions ease, the Digital Transformation team surveyed Thanet’s employees to gauge their feelings on returning to the office versus maintaining some degree of remote working. Only 25 of the 350 workers surveyed wanted to return to the office full-time.

“What we’ve discovered is that with Okta we’ve been able to build a new hybrid way of working. You can work just as effectively from home as you can in the office. It’s the same technology, the same setup, wherever you are,” says Joe.

While the move to Okta was successful, the work hasn’t stopped for Joe and the Digital Transformation team as they look for ways to integrate applications even more closely with Okta and expand the HR platform to automate as much as possible. “The goal is to make everything digital end-to-end,” says Joe. “Councils aren’t known for their agility, especially when it comes to technology, but I’ve been lucky. My team is small but very good. We’ve got a clear vision of where we want to get to and how to get there.”