The identity challenge
“We run the best business possible by understanding who our members are and how our gyms are used. That means giving the right staff the right access to the right data. To do that we have to create an environment that's safe from a data and an operational perspective. But we have hundreds of members of staff, some of whom are not tech savvy and many of whom move from gym to gym. That creates an identity challenge,” says Jasper. “We needed to create an identity layer that enables our staff to do their jobs to the best of their abilities and enables us to leverage the valuable assets we have in terms of data and systems in a way that is not interruptive and is really secure.”
To add to this complexity, The Gym Group became a public company in 2015 and overhauled its technology in every area of the business. It now runs multiple enterprise softwares, including Microsoft Office 365 and the Workday, as well as internal solutions for health and safety, gym services, member management, and marketing.
Prior to Okta a new joiner, or a common occurrence such as an employee location move, would have resulted in a 3-5 day wait for this to be actioned with risk of errors occuring. This was due to the manual process of entering users into directories by a 3rd party after a user was created or updated in their HR solution Workday. Okta has automated this so that an employee exists within user directories on day 1, so no time elapses with employees waiting for access as states are instantly reflected within IT with no need for 3rd parties.
Since deploying Okta, The Gym Group has grown from 500 to 600 employees and Okta has 100% automated the creation of these new users within directories by sourcing from HR, saving 25 hours a year of IT time spent manually entering data.
After a new user was created in directories, they needed access to their standard or birthright apps such as Office 365, Workday, Box, FreshService, PowerBI and Egencia. Previously this was done manually taking 15 minutes per app, but with Okta this is automated. Without Okta, this year The Gym Group would have spent 450 hours provisioning new users only into birthright apps at a manual IT cost of £17K a year. With Okta day 1, provisioning to 6 birthright apps is done 100% automatically and this cost & time is saved.
By automating the access management of all these platforms, The Gym Group could quickly and easily on-board and off-board employees, allowing only authorized staff access to each platform. “As the group grew and the gym estate spread across the UK, it has also become common for managers to move around from region to region. This means that the access managers require for information on different sites can quickly change,” adds Jasper. The Gym Group now has more than 10 core applications integrated with Okta’s Workforce Identity Cloud platform, including Workday, Salesforce and Office 365. Staff use the system’s Single Sign-On (SSO) solution to quickly and securely log in to all their apps.
Adapted Multi-Factor Authentication is a game-changer
The Gym Group also added Okta’s Adaptive Multi-Factor Authentication (MFA) solution at the beginning of 2022 and it instantly made life easier for its geographically dispersed workforce, many of whom often switch between sites.
“Adaptive MFA is a big win for us, because it allows us to integrate all of our different applications, which we weren't able to do before, and it’s a real time saver. Using Adaptive MFA with Workday, we can quickly patch people into different sites and add and remove them from groups and platforms and change their reporting lines,” says Jasper.
And to verify sign-in to its various systems, The Gym Group uses Okta Verify, which allows people to securely access their apps via a two-step verification process using push notifications, a temporary 6-digit code, or biometrics. “Okta Verify is a fantastic tool for MFA,” says Jasper. “You can configure it in the way that suits you and your users and profiles. It's a powerful tool that enables us to create the best possible security envelope without impacting employee experience, which is really valuable. They just receive the SMS on their phone or watch, or use the Okta Verify app.”
Prior to Okta, The Gym Group only had 1 of its core apps enabled for MFA. If they had continued with this approach, each core app when accessed each day would have generated an MFA challenge for its users. As Okta has consolidated 10 app authentications a day down to 1 with Okta, it has avoided 9 MFA prompts by just doing it once, creating a 90% reduction in potential MFA challenges worth 16,875 hours of time this year or £513K of general staff hourly productivity.
The Gym Group has also recently upgraded its Customer Identity and Access Management with the Customer Identity Cloud solution. “We seamlessly migrated over 800,000 gym members over from our proprietary system to Customer Identity Cloud, giving them a Single Sign-On for all our consumer-facing apps. We haven’t made full use of everything it offers yet, but we will be doing so over the next few months,” says Jasper.
Okta and Auth0 aid governance reporting
The Gym Group is now a listed company, so it has to ensure it meets compliance obligations. The company has found this easier now it is using a variety of Customer Identity Cloud solutions. Jasper says: “Thanks to Okta and Customer Identity Cloud, we now have a much more granular understanding of what’s happening across the business and it’s so much easier for us to audit our security to meet our compliance and regulatory obligations.”
In the future, The Gym Group is considering becoming ISO 27001 accredited and as Okta’s solutions already comply with this security standard, Jasper is confident that it will speed up this process. “Being able to demonstrate that we use the Okta identity platform for our information security management satisfies all of our stakeholders and helps us to pass regulatory specifications,” he says. “It ticks so many boxes for us, I sleep better knowing that we have a top quality, Identity and Access Management platform in place.”
