[Issue] Increased operational burden related to authentication due to expanded use of the cloud

ADK Creative One Co., Ltd. was newly established in 2019 through the management integration of the creative solutions business sector of ADK Group, ADK Holdings Inc., Ltd. We are a one-stop shop for communication strategy planning, production, and implementation, and we use the latest technology for various media such as mass media and digital media to provide high-quality and optimal solutions to the issues our customers face. Offer. With various creative boutiques in the group, we continue to create ideas that are not bound by common sense, such as PR-inspired creatives that create news that moves society, and new ideas for experiential communication.

Since many of the creators who belong to the company are active outside the company, such as at events and on location, they have been actively promoting the use of cloud services since 2010 during the ADK Arts era. There is a history of proactively developing a mechanism that allows smooth use of devices even from outside the company, such as introducing smartphones throughout the company.

In the process, the problem was the increase in the operational burden related to single sign-on (SSO) due to the expansion of the use of cloud services. “From the beginning, we introduced domestic SSO products and created an environment that is easy to use in the field. It became difficult to cover maintenance and improved convenience with operations,” said Akihiko Oumi, Assistant General Manager of the Business Planning and Management Division, looking back on those days.

In addition to the settings for linking with SSO products for each service required for SSO, authentication enhancement settings were made to limit the terminals that can access services. However, if the user is unable to log on due to a problem on the terminal side, the administrator is required to handle the re-authentication and registration work one by one, and the operational burden increases sharply. At times, more than 120 authentication-related tickets were issued in a year, and the number of cases handled increased as the service expanded. At that time, when considering the introduction of Adobe Creative Cloud as a tool for creative production, it became clear that it was difficult to support SSO with conventional tools. Therefore, a renovation to a new authentication infrastructure was required, including the reduction of increasing operating costs.

[Selection] Supports cloud-specific authorizations, and is highly evaluated for its support for many authentication methods

While searching for a new environment, they focused on Okta, which provides IDaaS solutions globally. An environment that allows SSO, including Adobe Creative Cloud, has been developed, and the cloud services that can be connected boast the largest scale since that time, and detailed control according to the authority of each service is possible. Also appreciated. In fact, Adobe itself has adopted Okta as an authentication platform for Adobe Creative Cloud, and it is said that Okta was highly evaluated in terms of performance. “There are many solutions that simply authenticate, but the reality is that in many cases they do not support detailed permissions for each service. Detailed security permissions can be granted for each account based on each user's attribute information.Since we use Salesforce as the Company personnel information management, a certain cloud service is only available to users with specific attribute information on Salesforce. It is now possible to have them use it,” said Mr. Omi.

One of the big reasons for choosing Okta is that there are many authentication methods to choose from. “In the past, web browsers were used extensively, so we knew that this was a method with security issues, but the real solution was to embed the key in the cache information of the web. In addition to the need to set up the location in the network, Okta also had problems in terms of operation, such as re-registration if the cache information disappeared. It supports many authentication methods, such as using Okta Verify of the client application, and we thought that it would be highly scalable in the future and would also lead to a reduction in the operational burden. It had a clear policy, and I was impressed with it.”

At that time, there were no examples of introduction in Japan, but IDaaS is the cornerstone of management and security in cloud services, and once introduced, it is difficult to replace it, so we emphasized the speed and direction of long-term evolution. Okta has earned a top-class reputation in the IDaaS market worldwide and is in a position to lead the market.

【運用と評価】認証に関する問い合わせ件数は半減、リソース不足の解消に大きく貢献

At the beginning of the Okta contract, it was operated with about 400 accounts, but now the number of users has increased to about 700 due to the effects of corporate integration, etc., including PCs with Windows OS and Mac OS, iPhones, etc. are also being used on mobile devices. In addition, it is currently flexibly linked with MobileIron UEM, an MDM solution, and MobileIron Access, an optional product. ing. The services that are authenticated by Okta are mainly Salesforce, Box, and independently created groupware, and at the time of introduction, Office365 services were also included (currently managed by Holdings).

In actual operation, after synchronizing the information required for authentication from Salesforce, which manages employee information, to Okta's Universal Directory, Okta determines the accessing user and switches the authentication method each time. For temporary use, including partners, authentication is performed by individually registering user information on Okta, and in the case of partners, additional authentication is performed by Okta Verify as multi-factor authentication (MFA). Another merit of introducing Okta is that it can flexibly respond according to user attributes, such as cooperation with MobileIron and incorporation of MFA.

When introducing a new cloud service, Okta provides a wealth of templates for linking with the cloud service, and the IT department can complete SSO configuration with the cloud service in less than 30 minutes. It was a shock. In addition to lowering the hurdles for introducing and deploying cloud services, it is highly appreciated that the authentication infrastructure can be established in a safe manner without any operational burden, such as eliminating the need to develop the authentication part for in-house developed applications. . “Not only did the number of inquiries related to authentication problems decrease by about 50%, but regular analysis of the content of inquiries also helped improve operations. Satisfaction is high. By reducing the number of inquiries, it is a situation that greatly contributes to improving the service level for users. “The ideal is to be able to use the service safely without the user being aware of it. Okta makes that ideal a reality,” says Mr. Oumi. One of the advantages is that the authentication method can be flexibly changed from the Okta management console even in the current corona crisis.

Regarding Okta's appeal, Mr. Oumi emphasizes that it has a clear future vision and accurately grasps the trends of the world. “I can sympathize with the company’s vision in many ways, such as investing in functions that will become more convenient, such as the ability to organize workflows from employee information. I was surprised that functions that are taken for granted today, such as the ability to provision the environment using Okta, were implemented back then.” Not only can various settings be made from the screen UI, but one of the great attractions is the flexibility of the service, such as the ability to implement the necessary functions by themselves.

[Future] We will continue to pay attention to the concept of Universal Directory, which does not depend on Active Directory.

Now that the group has been integrated, the role played by Mr. Oumi and the nature of authentication have changed. It is said that he is interested in Okta's mechanism that will lead to further improvement of security level, such as utilizing information from. In particular, since the company has a large number of Mac users, Mr. Oumi says he has high hopes for Okta's Universal Directory, which enables authentication without using Active Directory as a source. “Many cloud vendors are proceeding with verifications with Okta, and the fact that linking with the Universal Directory has now become the standard is another trend that we would like to pay close attention to.”

At the time of the introduction, Okta did not have a Japanese subsidiary, so there were issues with communication with Okta such as troubleshooting and obtaining new information, but Macnica, which is provided with MobileIron, started handling Okta. We are looking forward to creating an environment where we can listen to the needs of the Japanese side and make strong requests for functional implementation. "When I look at the support for MobileIron, I am impressed that it is one of the best in the world. I hope that you will continue to support us as a strong link with manufacturers," he said in closing.