With 320,000 employees and a presence in almost every country, Siemens is a global technology powerhouse. The company’s extensive range of products and services help more than 4 million customers to transform the industries that form the backbone of global economies: industry, infrastructure, transport, and healthcare.
Operating on this scale, with so many different business units, Siemens has very specific Identity requirements. They need a solution that can handle the company’s scale and complexity, while being flexible and customizable enough to cater to their fast-moving business needs and quickly changing industry regulations.
The trouble with a decentralized approach to Identity
Previously, each of Siemens’ business units had its own Customer Identity solution, in what André Sousa, IT Service Owner & IT Architect - IAM Solutions, Siemens, describes as “a completely unconnected universe of Identity management.” Customers had to register and log in multiple times, as well as go through a number of additional, unrelated flows, such as email exchanges, across various touch points, to access different Siemens products and services. This was inconvenient and made for an inconsistent experience across the Siemens ecosystem. Having a number of Identity solutions also made it harder to ensure they were all working reliably. “If your customers cannot go in and do what they need to do, the impact is enormous,” explains Sousa. “We lose time trying to figure it out, and everyone loses money. ”
A lack of centralization led to internal inefficiencies, with teams across the business having to repeat customer interactions that could have been streamlined centrally. At the same time, money that could have been invested in developing core products was being spent on maintaining multiple Identity solutions.
Having multiple solutions also presented challenges around security and compliance. “We were dealing with fractured and dispersed infrastructures,” explains Stephanie Biegel, Export Control Specialist - Software & Technology Transfer, Siemens. “Our challenge was to make sure we covered all our Identity providers. That creates insecurities because you’re never sure, did I cover the most important ones?”
The search for an enterprise-ready provider
Siemens needed a centralized, flexible Identity solution to give customers a consistent experience. They wanted a solution that secured customers without them even noticing it was there, leaving them free to do what they needed to do.
Okta offered a secure, scalable, and reliable solution that could handle its size and complexity. It also provided the customizability Siemens needed to create a centralized Customer Identity management solution, while still delegating some control to individual business units to tailor services to their specific needs.
As Thomas Mueller-Lynch, Director Security, Identity & Protection at Siemens, explains, “Okta was an enterprise-ready solution for us, fulfilling all our main criteria: flexibility, customization, security, and centralized management of the whole system. It was a perfect fit.”
Engineering a hub-and-spoke Identity solution
Siemens implemented Auth0 in 2017 and, with the support of the Okta Customer First team in Europe, created a unified Identity management system: Siemens ID. This uses a hub-and-spoke model, centralizing Identity and imposing standardized rules and consistent security and authentication policies across the business, while giving individual business units the flexibility to manage the parts of Identity relevant to their applications.
“Our application owners have an Identity provider at their fingertips,” Sousa explains. “It's connected to our main tenant, and they have to follow our rule sets, but they have complete control over the users that reach their applications. They can enrich the user information. They can change parts of the flow. But the initial login is the same for all applications.”
With Identity managed centrally using Auth0, the Identity experts of the central Siemens ID team can focus on Identity and access management, leaving the individual business units free to focus on developing products.
A single gateway to a smoother customer experience
With Auth0 unifying access to all Siemens products and services with Siemens ID, customers only need to register and log in once to access any Siemens application they’re entitled to. The next step was the Siemens Xcelerator Marketplace, where customers can license and access all customer-facing applications and products from one place.
“The Xcelerator Marketplace brings together a lot of different services, applications and product lines into a single place,” Sousa explains. “Internally, it aligns strategies and processes, but externally, it’s a single port of call for our customers. This makes their lives easier and makes our range of products and services more visible. There’s no more confusion.”
According to Alexander Dranov, Technical Lead, Siemens Xcelerator Portfolio, giving customers that single entry point to Siemens is vital. “With Auth0, Siemens ID is the front door to our services,” he explains. “You can have the best-in-class solution, but if you mess it up at the beginning, you won’t get a second chance.”
This improved user experience is reflected in a fall in customer complaints. “It’s clear at all levels of the company that our customers are happier since we moved most of our applications into Auth0,” says Sousa.
For Mueller-Lynch, this is part of a bigger picture of transformation. “From a usability perspective Okta is a huge improvement, and from a central cyber security perspective it’s a huge improvement too,” he says. “We can make it secure. We can make it fast. We can make it resilient. Availability is high. As an overall package, it was a huge improvement all round.”
Hardening security and simplifying compliance with centralized Identity
Centralizing Identity with Auth0 has also made Siemens more secure. There is a smaller attack surface, while multi-factor authentication means there is no risk of weak individual Identity systems giving access to the wrong users. With Auth0, Siemens can now take a Zero Trust approach to Identity, with granular access controls, something it was previously unable to do with its individual Identity systems. At the same time, having a single, centralized Identity system makes it easier for Siemens to evaluate and monitor security threats.
Auth0 also allows the compliance team to quickly effect fast-changing regulations across hundreds of countries. For example, out-of-the-box geo-blocking from Auth0 allows Siemens to block countries immediately when necessary.
“Whenever there’s a regulatory change, it's one tool to adjust something with Okta. In terms of speed, that’s huge,” explains Biegel. “Regulations apply from the moment they are released, so you need to implement changes as fast as possible to be compliant.”
Increasing developer efficiency throughout the business
With Auth0, Siemens has one Identity solution that can scale up to support the whole company, meaning its central Identity team can quickly and easily integrate new Identity features centrally, rather than having to manage changes for every business unit independently.
As a result, Siemens can keep a lean team of Identity experts focusing on managing Identity for all the company’s individual business units. Meanwhile, the product experts in those business units can focus on their own area of expertise - namely developing products and services - as they no longer need to spend time managing their own systems.
A partnership to power the future of global industry
Siemens are now considering passkeys for smoother, more secure customer logins. They are also looking at introducing federations to single sign-on to allow larger customers to use their own external Identity providers with Siemens systems. This will improve the customer experience even further for Siemens’ business customers.
“Okta has enabled Siemens to set up a centralized customer Identity system that is super flexible, highly scalable, and has the highest Identity security on the market,” says Mueller-Lynch. “At Siemens, we need a leading-edge Identity security system in place. The partnership between Siemens and Okta is helping us to reach that goal.”
With Auth0 as its front door, Siemens can now work hand in hand with Okta to continue to shape the digital transformation of Siemens’ customers long into the future.
About Siemens
Siemens is a technology company focused on industry, infrastructure, transport, and healthcare. From more resource-efficient factories, resilient supply chains, and smarter buildings and grids, to cleaner and more comfortable transportation and advanced healthcare, Siemens creates technology with purpose, adding real value for customers.
By combining the real and the digital world, Siemens empowers their customers to transform their industries and markets, helping them to transform the everyday for billions of people.
