ITV: UK TV network switches on single identity and access channel to unify and optimise global workforce
use Single Sign-On to easily access their work tools every day
integrated so far, to ensure they are available to the right people at the right time
are managed on Universal Directory to automate provisioning tasks
- Searching for simpler processes
- Tuning in to automation
- Reducing IT friction for users across the organisation
- Adopting a joined global approach to application access
- Making way for more innovation
ITV is a truly global, distributed media network of licensees, subsidiaries, and acquisitions, with a dynamic workforce that rotates depending on the project. To bring all these parties together to create the best possible work, the organisation needed a way to simplify internal processes related to identity access management.
ITV realised that if it wanted to eliminate issues with manual and inconsistent identity and access management processes, it needed an automated solution. But to make automation work, ITV first needed to ensure that its user identities were up-to-date across all its separate systems, and establish one single source of truth for access management. The organisation turned to Universal Directory as its solution of choice.
Aiming to further reduce operational overhead, ITV also looked at Okta to reduce IT friction for users, eliminating login-related helpdesk calls. To this end, it rolled out Single Sign-On with embedded Multi-Factor Authentication to enable employees to access their work tools easily, through just one portal, and securely, from any device.
So far, ITV has significantly reduced its dependence on on-premises hosted solutions, and has been able to establish a truly global approach to application access that is easy to use and simple to implement.
With Okta as its single point of administration for user identities, ITV now plans to implement API Access Management. ITV also aims to integrate its freelance contract management system to its internal portal using API Access Management to further automate the onboarding and offboarding experience across ITV.
“Our long-term aim is to simplify internal processes by reducing the amount of identity-related tickets that require manual action. By helping us manage all users from any number of sources in just one place, Universal Directory brings us significantly closer to that goal.”
Leon Topliss, Principal Enterprise Architect at ITV
All over the UK, 36.8 million people regularly tune in to ITV to watch their favourite programmes. The British free-to-air television network has something for everyone, from iconic soap operas, to documentaries, entertainment reality shows, and programmes of public importance, including daily news and election coverage. Launched in 1955 in London as Independent Television, ITV today attracts 61% of the nation’s television viewers.
ITV operates the largest family of free-to-air commercial channels in the UK, and delivers content through linear television broadcasting and on demand via the ITV Hub. As an integrated producer broadcaster, it creates, owns, and distributes high-quality content on multiple platforms globally. ITV Studios creates and produces content in the UK and internationally across 13 countries. The company also has several subscription video on demand services including BritBox UK, ITV Hub+, and BritBox US and Canada.
As a truly global and distributed organisation, ITV has been fine-tuning its approach to technology for years, always looking for the best way to support those working behind the scenes to entertain and inform viewers. To that end, ITV turned to the cloud in 2010, adopting Google Workspace to support internal collaboration and productivity, and AWS as its platform of choice for technical projects. But moving further into the cloud while maintaining a decentralised approach to technology brought challenges, such as how to manage identity and access across the organisation.
Leon Topliss, Principal Enterprise Architect at ITV, leads a team dedicated to solving these challenges through automation. “It’s the nature of our industry to have a very dynamic workforce. The talent involved in bringing our shows and services to life, such as freelancers, need to join and leave the company regularly at given times of production. Keeping track of them all, amongst a large global workforce, makes identity management quite challenging,” he shares.
The ITV technology team saw ITV’s identity and access management difficulties as an opportunity to establish more effective and secure practices. The solution needed to meet ITV’s requirements for lifecycle management, as well as be automatable through APIs, SaaS-based to minimise support overhead, and cloud-native to align with the wider goals of the business. So in 2019, they turned to Okta.
On a journey to bring a global media network closer together
Despite its growing cloud footprint, ITV relies mostly on an on-premises environment for its identity and access management needs. Active Directory (AD) and Active Directory Federation Service (ADFS) are managed by a central identity administration team responsible for giving users access to the applications they need. But as ITV’s workforce continually grows and changes, and more cloud-based applications are added, this became an increasingly challenging job.
“Although we have good processes in place and a dedicated team, we were faced with an identity silo problem: the large number of user identities from around the world were stored in different systems, and it was difficult to keep all of them up-to-date and aligned,” explains Leon.
Besides, the on-premises tools weren’t keeping up with ITV’s mission to automate processes and adopt more cloud-based solutions. “Our on-premises data centres didn’t match our cloud adoption strategy,” says Leon. “Their functionalities were limited, and lifecycle management was difficult. As a result, people were implementing bad authentication patterns, and because all the identity systems were decoupled, we had to manually make changes to each of them when problems came up, which was very time-consuming.”
At the heart of ITV’s challenge was an inconsistency between how user identities were stored in their main systems, which included Google Workspace, AD, and its HR database. Because some systems had been in place for years, and managed manually, there were discrepancies in how user data was recorded in each, making it difficult to provision and deprovision users accurately. To address this issue, Leon’s team needed to integrate ITV’s directories in order to establish one single point of truth for user identities across the organisation. The Okta Customer First team supported ITV by ensuring that they had access to relevant detailed product knowledge and guidance. The team also worked closely with ITV to navigate and overcome any design and implementation challenges that arose.
To begin, ITV entered a data analysis and remediation phase that entailed importing all user identity data from its systems into Google BigQuery. This way, ITV could gain visibility over all user identities in just one data warehouse, and through SQL queries, analyse and compare data across systems to identify which inaccuracies needed to be remediated. For example, the ITV identity team noticed that some employees were assigned to different departments in AD and Google Workspace, because when they changed roles within the company, their information was updated in some systems but not in others. Similarly, users who changed their legal name through marriage were registered differently in the HR system, AD, and Google Workspace, because their data hadn’t been updated across all systems.
Channeling easy-to-use tools for simpler business processes
Once the ITV team achieved a clean, consistent database of user identities across all systems, it moved to Universal Directory as its main identity source. This enabled ITV to integrate both cloud-based and on-premises applications with all other identity sources to effectively automate the provisioning and deprovisioning of users. “Our long-term aim is to simplify internal processes by reducing the amount of identity-related tickets that require manual action,” explains Leon of the transition. “By helping us manage all users from any number of sources in just one place, Universal Directory brings us significantly closer to that goal.”
This aim to reduce operational overhead for the central identity administration team also led ITV to harness Okta to reduce IT friction for users, eliminating login-related helpdesk calls. To this end, ITV started rolling out Single Sign-On, as well as Multi-Factor Authentication, using Okta Verify as a factor, as well as UbiKey, SMS, and biometrics where devices allowed. This would enable employees to access their work tools easily, through just one portal, and securely, from any device.
With a clearer picture of all active user identities in its system, and a better understanding of who needs access to what, ITV had the confidence to start boldly, running a month-long campaign to prepare people for the change and then rolling it out in a ‘big bang’ approach in February 2020. As its largest application in terms of users, ITV integrated Google Workspace first. By launching Okta on an app that the majority of the organisation used, ITV was able to design and run an organisation-wide campaign. This shortened the setup process for embedding Okta, and meant smaller changes and minimal disruption when new applications were added to Okta in the future. It was a great success.
“On the day we went live with Okta for the enterprise, most people started using Single Sign-On immediately,” shares Leon, “and those who didn’t soon showed an interest to adopt it, seeing how easily colleagues accessed their work tools through just one portal.”
Watching out for more opportunities to innovate
Today, the ITV identity team is at the heart of the organisation's modernisation initiatives. By further integrating applications with Okta, it aims to facilitate the implementation of consistent authentication processes globally. Ultimately, this will enable ITV to eliminate the risk of identity silos, further streamline processes through automation, and make it as easy as possible for employees all over the world to access the tools they need, securely.
“We’re looking to integrate our freelance contract management system with Okta APIs, so that we can further automate the onboarding and offboarding experience across ITV,” explains Leon.
Proud to have reduced the organisation’s dependence on on-premises hosted solutions, Leon concludes that ITV’s Okta implementation project, still in its early days, has already proved a success. “With Okta, we’ve been able to adopt a joined global approach to application access that is easy to use and simple to implement. I look forward to what we can accomplish next,” he shares.
Since going live, the ITV and Customer Success team continue to collaborate closely, with ITV supporting other Okta customers at the start of their journey by sharing their experiences and problem-solving approach. ITV have also embraced Okta's training programme, with some employees going from completing training to achieving certification.