Okta Identity Management Service speeds deployment, cuts costs, enables Single Sign-on, and creates seamless new offering for Purolator customers, starting with Xerox.
Objective
One of Purolator’s key initiatives to enhance their returns service offerings was to create a customized solution for Xerox Canada (Xerox) based on their e-Returns portal. As part of the Xerox Green World Alliance (GWA) program the new portal simplifies the process for customers to ship used toner and supplies for recycling, helping to divert an estimated 673 thousand kilograms of spent imaging supplies from Canada’s land fills each year.
As a result of its collaborative partnership with Purolator, customers can now visit the Xerox GWA website to register, print detailed shipping labels and arrange for convenient pickup of these waste materials by Purolator and have them returned to Xerox approved locations - at no additional cost.
The Situation
Creating a new e-Returns portal
Purolator created the e-Returns portal in 2011 using Salesforce.com’s development platform. The solution leveraged Salesforce.com’s customer portal standard offering and included the creation of a customer-facing web site to help process return requests.
Separately, Xerox had just implemented a new, open-SSO platform for single sign-on, providing users with just one login ID and password to access many of their separate Xerox web applications. After going to all of the effort of rolling out single sign-on access for their customer-facing web applications, the Xerox IT team didn’t want to have to explain to users that there was now a new application that needed a separate ID login and password. This was simply not an option after the lengthy and highly successful SSO project implementation at Xerox.
The Solution
Choosing Okta
In order to provide SSO access to the new e-Returns portal, Purolator needed to find a way to have Xerox’s existing open single sign-on provider federate through another single sign-on provider.
By using the Okta identity management service, Purolator has now created a seamless process between Xerox and Purolator, to be used by everyone who accesses the portal to handle their returns. With Okta, users simply go to the Xerox website and login using their SSO login and password. Okta then passes those user credentials from the Xerox site to the Purolator site, and authenticates them against the existing user stores and directories. The entire process is transparent to Xerox end users - they are not aware that Okta’s on-demand service is being used to federate the credentials behind the scenes between the two sites.
Deployment
Xerox had been pushing hard to get the SSO functionality installed quickly so they could launch the new e-Returns capability to their end-customers. Purolator was also motivated to have this functionality go live as soon as possible so they could start receiving the additional shipping revenue this portal would create from returns by Xerox customers. In order to meet the demands of both organizations, a short deployment time was essential for any solution Purolator selected.
With Okta, the e-Returns SSO deployment went even better than planned. “We knew a six-week rollout was a very aggressive goal, but we actually completed the project ahead of schedule,” noted Graeme Shiomi, Director, Solution Delivery, Innovapost. “We anticipated there would be some hiccups initially to get the connection working properly. But we started and finished on the same day, with just a bit of standard fine tuning to get the endpoints configured.”
Why Okta?
Shiomi explained the reasoning behind the decision to use the Okta service, versus building an SSO integration internally with the salesforce.com portal. “If we had performed the SSO integration ourselves, it would have taken much longer and cost significantly more - keeping our IT team from performing other strategic IT assignments. Leveraging Okta’s SaaS model and expertise was a great decision for us in terms of speed, costs and our resource utilization.”
Shiomi also noted that there is a limitation associated with the integration of SSO with a salesforce.com implementation. “Salesforce.com does not support multiple IDs when trying to authenticate each against a single portal. We would have had to set up a separate salesforce.com portal for each of Purolator’s customers. With Okta, we can do this with just one portal, as opposed to building a separate integration for every single customer. This will enable us to easily scale this solution to serve additional Purolator customers as well.”
Before making the decision to go with Okta, Purolator investigated a few different identity management providers. “There were a few that offered the ability to host the application somewhere in the cloud, but they were not true software-as-a-service solutions,” explained Shiomi. “This would have required us to make additional infrastructure investments. Also, with the SaaS paradigm, we know how quickly vendors can make changes and upgrades to their service. You don’t have to wait for an official upgrade to the next version, it just happens. This is another big benefit of using the Okta service.”
The Benefits
The Okta service has enabled Purolator to achieve substantial cost savings, both in terms of human resources and IT infrastructure. Purolator now has the ability to scale the e-Returns solution, potentially serving many other customers that prefer not to use a homegrown solution to achieve SSO access to the application. This definitely strengthens the portfolio of functions that Purolator can offer to these other customers.
The new Purolator e-Returns portal was an instant hit with Xerox customers. Thousands of new return shipments were processed through Purolator during the first month the solution went live. Xerox has realized significant cost savings from the Okta solution and enhanced the efficiency of their returns model. Shiomi explained, “These returns are not all coming from a central location; they are coming from thousands of distributed customer locations. It was very important for Xerox to have the ability to allow people create these labels easily through SSO to a web application. This arrangement was only made possible by using the Okta service.”
Working with Okta
“One of the key benefits to working with Okta - on top of the fact that they have great technology available for us to use - is the fact that Okta has a highly skilled team of multi-disciplinary professionals,” Shiomi noted. “The Okta team was able to provide guidance on how we could best implement single sign-on for this very specific application, particularly around automatic user provisioning. But the Okta professionals not only worked directly with us, they also provided assistance to Xerox, working closely with their open SSO provider to solve a few technical issues. As a result, Okta has now become a trusted partner and advisor for us in the identity management space.”