Delivering inspiring content across multiple platforms
Unify is the digital division of TF1 Group, a broadcaster that has been operating in France for almost 50 years. By acquiring major digital content players, TF1 Group is reaching virtual communities around the world and diversifying its business model to cover online marketing and e-commerce activities on social media. Unify brings together all these activities and serves diverse audiences with a portfolio of leading sites, including one of the world’s leading publishers of content for women. au féminin.
Each of its 15 online brands serves an engaged community, with content targeted at visitors’ specific interests. A cookery fan might look at the marmiton site to find tried-and-tested recipes, while someone who’s passionate about beauty will find tips on Beauté Test.
Simplifying Identity Access Management without additional solutions
To support this growing brand portfolio, Unify’s IT team looks after 15 businesses in five different countries. The head of IT is Charles Misson. “We’re a small team of only three people, so we cover quite a wide perimeter,” he says. This includes a helpdesk service for between 1,000 and 1,200 users, as well as managing infrastructure and SaaS solutions, along with the maintenance of IT equipment such as computers and printers.
When Charles arrived at Unify, the group was operating a separate information system for each company. “There were 15 Google Workspace, Salesforce and Slack systems to manage,” says Charles. “This involved administrative complexity every day and it was difficult to push for the adoption of new tools for the whole group. Our starting point for improving this situation was to implement a single instance of Salesforce at a group level, so that everyone was on the same system. That required a simple solution for verifying identities and managing access rights.” As well as simplifying identity management throughout the group, Charles wanted to improve users’ everyday experiences, making it easier for them to access the tools they needed while maintaining security standards at a group level.
In evaluating several IAM solutions to meet these challenges, Okta’s simplicity was one of the decisive factors. “Unlike other solutions we evaluated, Okta didn’t require any add-ons to enable multifactor authentication,” Charles says. “We didn’t want another product to manage, either technically or financially.” The solid community around Okta solutions also played its part. “I’m in a Slack channel with Apple administrators and one of the biggest channels is devoted to Okta,” he says. “So I’ve been able to benefit from a lot of good tips, and working closely with the Okta team during the implementation has also been very useful.”
Planning for smooth implementation
To make the transition to Okta easier, Unify’s IT team joined the Okta Essentials training course, which took place over three days. “The Okta Essentials training was adapted for our situation, particularly for Google Workspace,” says Charles. “Having worked on the pre-sales process, I already had some knowledge, but I learned a lot about personalizing and configuring Okta for our system and the whole team found it very useful.” Unify also called on a certified Okta consultant to give objective advice on how to achieve smooth implementation and on details like defining naming conventions for groups.
Another key approach was to clearly inform all Unify employees about what they should expect and the benefits of the system for them. “We could have imposed the changes without discussion, but we went for a more transparent approach,” says Charles. “We clearly explained how having a single password and increased security could benefit users. As a result, everyone was with us from the beginning.”
Making access easier for IT administrators and employees alike
To make onboarding quicker and easier, Unify integrated Salesforce with Okta, which makes it easy to assign the correct access rights. “We created 200 groups corresponding to the complexity of the set of Salesforce permissions,” explains Charles. “When a person arrives, we look at the chart and put them in the group corresponding to their country and organization, and their profile is created with the right permissions. This has simplified onboarding a lot and now we no longer have to spend three days assigning the correct rights in Salesforce.”
Because many of its employees are self-employed or freelancers, the total number of users can range between 1,000 and 1,200. For extra flexibility in managing employee identities, Unify uses Lifecycle Management. With Lifecycle Management it is easy to deactivate an account without deleting it and reactivate it if the freelancer comes back. This strengthens security policies at a group level by eliminating latent access.
One of the key objectives for the deployment of Okta was to improve the IT experience of Unify employees. Previously, users needed several passwords to access their computer, their Active Directory, their G-mail account, and other work applications. Now, they only need a single password as access is managed via Single Sign-On. As Unify works with Macs, the team also chose Jamf Connect Login, which enables employees to use their Okta logins on their computers. These accesses are secured by Multi-factor Authentication and the Okta Verify smartphone app as needed, for example if the connection network zone is defined as suspect.
Even before the COVID-19 pandemic and the switch to remote working, Unify had already implemented a Zero Trust security model. That means 95% of employees use Okta Verify to authenticate their access, even in the office, and the remaining 5% use an alternative Okta factor type, such as SMS. During lockdown, the team has been able to continue its roll-out of Okta and register 400 more people. “This helped us see that Okta Verify is really simple and that any fears of complexity were unfounded,” says Charles.
Increasing automation for less administration and greater security
Because Unify’s IT team is small, it was difficult to stay up to date with staff movements in real time. After implementating Okta, administrators no longer need to set up 45 group-level accounts for new workers because almost all the tools are integrated with Okta. The team has more time for other tasks, such as adopting innovative tools. On top of that, the employee experience is more harmonious because employees can connect to their apps or obtain access to a new tool easily, without creating a support ticket. “With Okta we have made everyday life easier for our employees by reducing friction and enabling single-password access,” says Charles.
At a group level, thanks to the implementation of Okta it’s easier for Unify to align with its parent company’s security standards and meet the security levels required in this industry. “Before, the multiple domains increased our potential area for attack,” he says. “With Okta, we have more control over onboarding and offboarding and can eliminate latent access. Before we implemented Okta, we might discover that an account was still open three weeks after a person had left. We couldn’t allow that situation in a group of our size, particularly as we need to meet TF1 Group’s security requirements.”
And the next step on Unify’s Okta journey? Automating its onboarding processes by synchronizing its HR system with Okta, using Universal Directory to save even more time for the IT team and creating an even more harmonious experience for its employees. The plan is to switch its HR system to the TF1 Group system, which is connected to Okta. This will allow Unify to further centralize information and better manage arrivals, creating accounts in advance without activating them, and deactivating them as soon as people leave, not the next day.