Learn how Netwoven helped Relay GSE implement Azure AD single sign-on

Relay Graduate School of Education
  • Customer: Relay Graduate School of Education
  • Industry: Non-profit Organization
  • Organization Size: 201-500
  • Country: New York

Business Challenge

Relay GSE used many SaaS applications that authenticated through Okta for single sign-on. Okta provided both students and staff with a seamless experience when logging into applications such as Zoom, Smartsheet, and Microsoft 365. Over time, though, Okta became overrun with individual assignments, and maintenance and license costs increased. All of this, combined with the rollout of a new Student Information System, prompted Relay GSE management to look for alternative cloud identity providers (IdPs). Having already rolled out Microsoft 365 internally, Relay GSE had Azure AD as an in-house option to replace Okta as its IdP and single sign-on solution.

Solution

Netwoven assessed their current Okta environment to catalog the following:

  • All users
  • Applications
  • Features used
  • Customizations
  • Groups
  • Security

The target Azure AD environment was also examined for best practices around user security, branding, application provisioning, group-based licensing and assignments, application consent, and more. A strategy and roadmap were developed which included:

  • Reports on what was being used in Okta and by whom
  • Health check and improvements on the current Azure AD
  • Migration mappings for Users and Applications (e.g. SAML, Plugin, OAuth)
  • A detailed schedule for each object/feature migrating from Okta
  • Cutover strategy assessment (Big bang, waves by user type, waves by application priority)
  • Security hardening plans for users (using MFA) and for application authentication methods

Netwoven worked closely with the customer to execute the strategy, starting with:

  • Hardening Azure AD
  • Staging objects in Azure AD
  • Migrating guest accounts
  • Migrating applications by waves

The Netwoven team chose to migrate applications by waves, but created linked applications to act as pointers in Azure AD, which made the migration seem like a big bang to users. This approach gave the team the flexibility it needed when migrating some of the smaller applications: the team simply hid the linked app and made the true app visible in Azure AD.

Business Benefits

Making use of the existing Microsoft identity stack saved Relay GSE the cost of duplicate services and allowed all the business applications to use single sign-on through the robust Azure AD platform. The advantages the customer gained by migrating from Okta to Azure AD were:

  • Great user experience
    • Users are automatically and seamlessly signed into both on-premises and cloud-based applications
    • Users don't have to enter their passwords repeatedly
  • Easy to administer
    • No additional components are needed on-premises to make it work
    • Works with any method of cloud authentication: Password Hash Synchronization or Pass-through Authentication
    • Can be rolled out to some or all of the users using Group Policy

As the new Student Information System rolls out, Azure AD will take on a bigger role in account provisioning, application assignment, access/usage reviews, and entitlement governance.

About Relay Graduate School of Education

Relay GSE is an accredited not-for-profit institution of higher education serving 4,000 teachers and 1,200 school leaders across the United States. They offer degree programs, professional development, and unique learning experiences for teachers, principals, college students, and members of the public. Relay GSE collaborates with many peer institutions of higher education, educational nonprofits, public school districts, and public charter networks across the country.

Solutions Provided

Products Used
  • Azure AD
System Replaced
  • Okta
