Photo: David Zentz.
In 2015, Envision began work on deploying a common single sign-on approach so clinicians and business users could more easily access various applications.
“If our providers want to look at a paycheck or view shifts, having multiple logins is very counterproductive,” says CTO Bryan Ferrel. “We needed to have a way to give providers a much easier experience and a more common access methodology.” Envision chose to implement Okta’s cloud-based SSO solution based on the company’s reputation in healthcare.
“Okta’s previous work with providers was an important factor for us,” Ferrel says. “They had demonstrated success, including with two-factor authentication, which is a requirement for some healthcare-specific applications.”
When users want to access their applications, either behind the firewall or in the cloud, they open Okta and click on-screen buttons called chiclets. Clicking a chiclet signs the user in to the chosen app and authenticates them.
One of the initial challenges involved getting all the clinicians to register and create profiles in Okta, Ferrel says. Another was that some legacy applications did not initially work with the solution. Most of the enterprise applications were already enabled, however, so it was an easy rollout, he says.
As Envision provisions new employees, Okta, Microsoft Active Directory and Oracle are the trifecta of solutions on which it relies most. “We have some automated ways where we can onboard users as they join our team,” Ferrel says. “We are rolling that out across the entire organization.”
Use of Okta’s tools has expanded gradually throughout Envision, starting with small pilots and growing from there. “We are moving to a broader initiative for it to be our single sign-on solution across our entire portfolio of companies,” Ferrel says. “The technologists in our company have been very appreciative because it has very much simplified our work with the applications we interact with every day.”
Security Ownership Can Boost IAM Projects
IAM issues have grown more complex with the introduction of mobile devices and two-factor authentication. In the past, IAM focused more on username and password management, typically the responsibility of the infrastructure operations team.