Relay GSE made use of many SaaS applications authenticating through Okta for Single Sign-On capabilities. Okta provided both students and staff with a seamless experience when logging into various applications such as Zoom, Smartsheet, and Microsoft 365. Over time, though, Okta became disorganized and incurred increased maintenance and license costs. All of this, combined with the rollout of a new Student Information System, prompted Relay GSE management to look for alternative Cloud Identity Providers (IdP). Having already rolled out Microsoft 365 internally, Azure AD was an in-house option to replace Okta as their IdP and Single Sign-On solution.
Netwoven assessed their current Okta environment to catalog the following:
- All users
- Features used
The target Azure AD environment was also examined for best practices around user security, branding, application provisioning, group-based licensing and assignments, application consent, and more. A strategy and roadmap were developed which included:
- Reports on what was being used in Okta and by whom
- Health check and improvements on the current Azure AD
- Migration mappings for Users and Applications (e.g. SAML, Plugin, OAuth)
- A detailed schedule for each object/feature migrating from Okta
- Cutover strategy assessment (Big bang, waves by user type, waves by application priority)
- Security hardening plans for users using MFA, and application authentication methods
Netwoven worked closely with the customer to execute the strategy, starting with:
- Hardening Azure AD
- Staging objects in Azure AD
- Migrating guest accounts
- Migrating applications by waves
The Netwoven team went with the approach of migrating applications by waves, but created linked applications to act as pointers in Azure AD, which made the migration seem like a big bang to users. This approach afforded the team the required flexibility when migrating some of the smaller applications, as the team just hid the linked app and made the true app visible in Azure AD.
Making use of the already existing Microsoft Identity stack saved Relay GSE on costs from duplicate services and allowed all the business applications to use Single Sign-On through the robust Azure AD platform. The advantages gained by the customer due to migration to Azure AD from Okta were:
- Cost savings
- Reduced the number of licenses users owned for different Identity Platforms
- Great user experience
- Users are automatically and seamlessly signed into both on-premises and cloud-based applications
- Easy to administer
- No additional components are needed on-premise to make it work
- Consolidating similar tools in one platform for EDR, remote monitoring, and management, etc.
As the new Student Information System rolls out, Azure AD will take on a bigger role during account provisioning, application assignment, access/usage reviews, and entitlement governance.
Okta to Azure AD migration
Our experience working with the Netwoven team was excellent. They demonstrated a high level of expertise and admirable quality of work which helped us solve any challenges that occurred during the migration process and assisted us in the timely completion of the project. I’m extremely satisfied with the smooth execution of the project and the overall outcome achieved.
Joaquin Alvarez, Senior Director
About Relay Graduate School of Education
Relay GSE is an accredited nonprofit institution of higher education serving 4,000 teachers and 1,200 school leaders, with campuses across the United States and online classes available anywhere. They offer degree programs, professional development, and unique learning experiences for teachers, principals, college students, and members of the public. Relay GSE collaborates with many peer institutions of higher education, educational nonprofits, public school districts, and public charter networks across the country.