Telenet Group: Making secure access simple for 14,000 internal and external workers with Okta
users connected to Okta within days
on-premises and 50 SaaS apps secured with Adaptive Multi-factor Authentication
push-notification to log in with Okta Verify, replacing 45-second Captcha-based logins and hard-to-manage client certificate based authentication
- Connecting employees to connect Belgium
- Selecting Okta for security, manageability, and cost
- Gradual migration, immediate benefits
- Combining convenience with security
- Evolving with Okta
To provide customers across Belgium with high-quality telco and entertainment services, the Telenet Group relies on more than 14,000 employees and external professionals, who all need access to the company’s infrastructure. Managing these identities in a secure, cost-efficient, and flexible way across multiple cloud and on-premises environments was increasingly difficult with the legacy access management solution.
Telenet worked with long-standing partner Upright Security to select the right AM solution based on three major criteria: security, manageability, and cost. Okta beat out the competition by delivering more powerful multi-tenancy capabilities, more control over security, and cost-efficient scalability thanks to its transparent subscription model and pre-build integrations.
With support from Upright Security, Telenet was able to implement Okta’s core features, such as Adaptive Multi-factor Authentication, quickly by using Okta's programmatically-built inbound federation IdP Discovery to connect Okta with the legacy stack. This enabled a gradual migration, onboarding all 14,000 users at their convenience, and allowed the team to migrate applications one by one (avoiding the need to code manually), whilst retiring their legacy solution and saving the associated upgrade, patching, infrastructure, service ops, integration, and license costs.
Okta’s Adaptive Multi-factor Authentication has made Telenet’s login processes more secure and convenient, allowing users to access internal apps remotely with their personal devices and verify their identity with Okta Verify. Deployment was easy across nine tenants, as Okta was able to immediately accomplish directory joins, and with centralised governance, Telenet’s IT team has more control over its diverse user base and can onboard new entities more quickly.
Ready to evolve alongside Okta, Telenet is constantly exploring new solutions to empower its workforce with added convenience, while adhering to the highest security standards. Beyond FastPass for passwordless logins, and Advanced Server Access to strengthen access control for external users, Telenet has started looking into Okta’s customer-facing initiatives as well.
Being able to bring cloud agility to our hybrid stack of both on-premise and cloud apps is a huge motivator for us. It allows us to evolve alongside Okta and leverage new cloud features quickly. Combined with end-to-end support from Upright Security, Okta will enable us to move even faster in the future.
Mark Van Tiggel, Director Security, Telenet
Benefits
- 14,000 users connected to Okta within days
- 95 on-premises and 50 SaaS apps secured with Adaptive Multi-factor Authentication
- Full access to Okta’s MFA and SSO features during gradual migration, even for on-premises apps, by connecting the legacy stack via IdP discovery
- 1 push-notification to log in with Okta Verify, replacing 45-second Captcha-based logins
Do you ever find it challenging to stay in touch with people? You’re not alone: in the UK, for example, 6 in 10 adults admit that they’re “rubbish” at it. At least, it’s never been easier to do something about that. You can call your friends up, send them a quick message, or even just check out what they’re up to on social media. But to do any of that, you need a telecom provider.
In our mobile-first and digital world, telecom services have become the engines of human connection. For Telenet Group, Belgium’s largest provider of cable broadband services, connectivity is about more than high speeds and large networks: it’s a constant effort to connect customers with perfect experiences in the digital world, fuelled by the ambition to make life easier and happier.
“We provide typical telco services like mobile telephony, broadband internet, as well as fixed telephony and a digital TV offering, but we don't stop there,” explains Mark Van Tiggel, Director Security at Telenet. “We also own a broadcasting network with our own creative branch for local productions, and we’re engaged in a number of joint ventures, such as Streamz, which many call the Belgium Netflix.”
Connecting people is a team effort, and Telenet relies on more than 3,000 internal employees, as well as external consultants, partners, dealers, and subcontractors. Overall, more than 14,000 users need regular access to Telenet’s services. Because these services are spread across hybrid cloud environments, with more than 95 on-premises and 50 SaaS applications, Mark and his team were reaching the limits of their legacy access management (AM) solution.
“Our on-premises AM platform required constant maintenance,” says Mark. “To stay on top of vulnerabilities we patched regularly, taking a week or so of time, and then we had to upgrade it every three years or so, which can take more than a year and involves multiple internal and external employees. It was an expensive and high-effort endeavour, without giving us the flexibility we needed. That’s why we began looking for a new solution.”
Selecting Okta for security, manageability, and cost
To pick a new AM vendor, Mark and his team decided to build on Telenet’s long-standing partnership with Upright Security, a dynamic team of identity specialists. “We’ve been working with Upright Security for more than 10 years and know how committed the team is, and that they go above and beyond to support us,” says Mark.
When comparing Okta’s capabilities with other vendors, Mark and his team had three major criteria: security, manageability, and cost. Telenet’s infrastructure consists of nine different environments, from development to testing and production, with many on-prem applications. This required a solution that could dynamically cater to these environments and provide adaptive authentication processes, including header-based authentication. With more powerful multi-tenancy capabilities than the competition, Okta pulled ahead.
“Addressing multiple tenants with the other solutions we’ve looked at would have been more complex to manage and also more costly,” says Mark. “But unlike other vendors, Okta doesn’t choose convenience over security either: my security team and I really have ownership of the platform and can decide on rules and policies, which makes it easier to meet our security requirements.”
Overall, Okta best met Telenet’s three selection criteria. “We need to manage more than 14,000 identities in a secure, compliant, cost-efficient, and flexible way across multiple environments,” says Mark. “Okta enabled us to do just that, and with a level of end-to-end implementation support from Upright Security that’s difficult to find for other identity solutions.”
Connecting the legacy stack with the cloud future
With the convenience of more than 14,000 users in mind, Mark and his team didn’t want to go ‘big bang’, but onboard identities and applications gradually. This is often done during a digital transformation of a complex environment. The initial Okta setup, however, didn’t take long: “After signing the contracts, Okta’s connections to our nine tenants were up and running within days, and Upright Security helped us to configure everything properly,” says Mark. “We didn’t experience any real bottlenecks and got the environments operationally running quickly.”
Despite a huge number of applications and a complex hybrid environment, Telenet was able to leverage the power of Okta from the get-go by connecting the new solution with the legacy stack via programmatic IdP Discovery and inbound federation. Upright Security helped set up this connection within the initial set up of a few days, laying the foundation for a soft migration with maximum convenience.
This approach meant Telenet didn’t have to build out things like MFA on top of their legacy solutions’ nine tenants. This meant SSO integrations were made to Okta directly, instead of connecting each app individually to each tenant, avoiding another complex project. Okta's approach also meant Telenet didn’t have to reengineer these connections every time they did a major upgrade, saving more time and cost down the line.
“With programmatic IdP Discovery and inbound federation, we can use Okta to authenticate applications that are still coupled with the legacy stack,” says Cédric Gossé, Security Architect & Partner at Upright Security. “Because of that, we were able to leverage Okta features, such as Adaptive Multi-factor Authentication, from the beginning.”
From lengthy Captchas and frustrating certificates to instant access with MFA
Today, all 14,000 internal and external users at Telenet interact with Okta. After logging on with Okta and with security provided by Adaptive Multi-Factor Authentication, users either Single Sign On into apps via their home dashboard or access the Telenet's old stack (as it is being migrated over time). This makes for a seamless transition.
“Okta’s integrations enabled us to onboard users at their convenience, before making the change mandatory,” says Mark. “This meant less work for us, because we didn’t have to migrate all the apps at once, and made the onboarding process easier for our employees.”
Telenet had an SSO solution in place prior to Okta, but getting users through the login process in a secure and convenient way used to be difficult. What was missing was an elegant way to connect non-corporate devices with certain apps, such as Salesforce. Employees had to either install certificates via help desk support, which was time-consuming and didn’t work for all applications, or log in with Captchas, which was tedious and didn’t account for stolen devices.
With Okta’s Adaptive Multi-factor Authentication, Telenet’s login processes have become more secure and convenient: employees can use several authentication methods, such as Okta Verify, and easily verify their identity by approving a push notification.
“Allowing the use of applications on non-corporate devices used to be a true hassle,” says Mark. “Logging in with Captchas used to take 45 seconds, now it’s almost instant. That’s why people really like the simplicity of Okta Verify.”
Going cloud to connect Belgium
Telenet has seen tremendous growth in the past years and continues to expand, sometimes by acquiring new companies. For Mark and his team, consolidating the IT landscape and identity processes after an acquisition is usually the first challenge, and Okta has greatly reduced friction during that stage.
“Okta’s fast deployment and its scalable flexibility, combined with the subscription-based model, enables us to integrate new companies quickly, without having to worry about individual apps, certificates, or devices,” says Mark. “Having Okta’s cloud solution in place, which is accessible from anywhere, adds a huge convenience factor.”
Currently, Mark and his team are rolling out Okta Access Gateway to enable employees to access all of Telenet’s on-prem apps. Next, they’re planning to use Okta to further shore up convenience and security at the company. With Okta’s FastPass solution, Telenet could move beyond passwords to make logins even simpler and more secure. Because the number of external users will only grow in the future, the team is looking into Advanced Server Access to apply secure access control to servers. Further down the line, Okta’s customer-facing initiatives could become relevant as well.
To provide perfect digital experiences to customers and employees alike, Telenet needs to be at the forefront of digital transformation and evolve to meet changing employee and customer requirements. Thanks to Okta, the company’s large on-premises footprint isn’t in the way of digital innovation, and lengthy updates are a thing of the past.
“Being able to bring cloud agility to our hybrid stack and on-prem apps is a huge motivator for us,” says Mark. “It allows us to evolve alongside Okta and leverage new cloud features quickly. Combined with end-to-end support from Upright Security, Okta will enable us to move even faster in the future.”