Global mobility company Vialto Partners provides legal, immigration, and taxation support for employees relocating for work assignments; this includes documentation such as visas, tax forms, work permits, housing applications, and more. In their separation from a larger professional services firm, they needed to build a foundational tech stack to support their ambitious scaling and growth goals. The company manages a vast amount of personally identifying information (PII) across more than 150 countries and territories which means they have to vigilantly maintain compliance with security regulations. Protecting that information led the organization to a search for an Identity solution that was cloud-first, reliable, and recoverable in the event of a disaster. This search led the team to Okta. Centralizing Identity management to support a global organizationFor Vialto Partners, effective and efficient Identity management is both a compliance need as well as part of their own product offering. They chose Okta so they could centralize their Identity needs into a single solution. “I advocated for Okta from the beginning because I’ve designed and used many Identity solutions over my career,” says Dr. John Heedley, Global Head of Identity and Access Management at Vialto Partners. “Okta gives me visibility across hundreds of applications and more than a million customer Identities in one place.” In his previous roles, Heedley had tested other Identity solutions but found their manual features to be time consuming and costly. “Other governance products I’ve used require API connectors that can cost thousands of dollars each,” he shares. “Because of that, companies will pick and choose which applications to certify against, and if an auditor asks why a critical application wasn’t reviewed, ‘it cost too much’ isn’t going to fly.” The team also has a small Identity security team, so they have to be strategic about where they spend their time and resources. By connecting all of their Identity infrastructure through Okta, they saw an opportunity to automate workflows, outsource no-code work to analysts, and give their engineers time back to focus on new product features and launches. Once Vialto Partners chose Okta, they were able to deploy and provision their entire workforce with Workforce Identity Cloud (WIC) and more than 50% of their 1.5 million customer Identities with Customer Identity Cloud (CIC) within 90 days. “We beat our implementation goal by leaps and bounds because we didn’t have to build new Identity infrastructure. Okta took care of it all,” Heedley says. “Okta Identity Governance (OIG) was even faster. It was in my preview tenant by the time I was off of the sales call and in production within hours.” Achieving global compliance by leading with Identity governanceAnother key factor for choosing Okta was having a governance solution in the same place as the rest of the company’s Identity management. “Governance is complicated. At a minimum, you need to tick your boxes to meet core standards — such as SOC II, NIST, and ISO — and enforce Multi-Factor Authentication” says Heedley. “OIG met those and more right out of the box and exists in the same tenant as the rest of my Identity management.” With OIG deployed, the team was able to quickly connect it to their existing Lifecycle Management processes to inform governance policies based on existing Identity groups. Now, rather than using API connectors, Vialto Partners can see exactly who has access to which applications as soon as an application is onboarded into Okta. “I know not only exactly when a team member is deprovisioned, terminated, or on a leave of absence, I also know which of those changes happened and can use that information to inform access certifications,” Heedley says. With this information available, the team can manage access reviews and certification campaigns in a single place. Managers gain contextualized insight into a user’s permissions and can approve or revoke those permissions with the click of a button. Since access to applications is now managed through OIG and Workflows, and these processes are easy to manage and user-friendly, Vialto Partners’s engineers get time back. They can prioritize backlogged projects and new research and development initiatives while more junior team members manage Identity. “OIG is easy to use and written in plain language. I was able to assign our governance tasks to an intern who had never worked in Identity, and now he’s my governance lead,” Heedley says. These more junior team members now help manage Vialto Partners’ Workflows to create custom connections across Identity processes. “We’ve designed a segregation of duties workflow that helps us prevent users from accidentally gaining access to a toxic combination of roles,” Heedley shares. “If someone does get access, their supervisor is notified, and the level of risk is ranked. This way we can get ahead of these combinations and prevent application and access sprawl from becoming a problem.” Helping end-users access mobility applications faster and more securelyVialto Partners’s B2B customers depend on the company’s suite of mobility applications to help their employees relocate and manage their data. Prior to adopting Okta, Vialto Partners evaluated building a customer Identity solution. They quickly found that building their own solution would have cost more than $2.5 million and would not have been completed in the required timelines for the company to support its clients and provide the quality they deserve and expect. With Okta CIC, the company can ensure that their more than 1.5 million end users and more than 100 customer-facing apps are secure and always available. They’re also able to deploy solutions such as Single Sign-On in a fraction of the time it would have taken with another Identity provider. “Another company told us it would take 48 to 72 hours to federate a client. With Okta CIC, it takes 15 minutes across multiple environments,” Heedley says. “I would challenge any other organization to set up a SAML or OIDC Connection for SSO that quickly.” Leading the future of Identity with standardizationFrom a technical perspective, Vialto Partners looks to continue to grow their security posture. They want to give their clients more control over end-user accounts with Fine Grained Authorization and further secure their devices post-login with Device Access. But at a higher level, Heedley and his team sees the Interoperability Profile for Secure Identity in the Enterprise (IPSIE) as the future of unified Identity security. “A new industry standard will allow me to speak to my clients and technical teams in a single language, regardless of our technical backgrounds or experiences,” Heedley says. “It’s a cultural improvement and a massive cost optimization because my customers and I will be able to further consolidate any Identity-related technology with Okta.” |
About Vialto PartnersVialto Partners is a technology-driven global mobility company that supports employees relocating for either short- or long-term work assignments. They do this by providing solutions that help companies and employees manage cross-border compliance and risk assessment for tax, immigration, business travel, rewards and compensation, and remote work. |
