Morris Case Study

Morris Communications selects Idaptive for single sign-on, user provisioning and federation services for Office 365

Idaptive’s SSO via Active Directory provides simplified user provisioning, increased ease-of-use and has minimized help desk password resets.

“Idaptive manages itself. I don’t have to update it. I don’t have to upgrade it. And I never have to worry about the degradation of service.” Arup Chakraborty, Solution Architect, NIIT Technologies Limited, which provides IT services to Morris Communications

Morris Communications Company, LLC is a privately held media company with holdings that include newspaper and magazine publishing, outdoor advertising, radio broadcasting, book publishing, and online services. Morris Communications contracts its IT services to NIIT Technologies, a leading IT infrastructure solutions company serving customers in the Americas, Europe, and Asia.

THE CHALLENGE

Find a single sign-on solution to remove user password burdens and improve usability for Box.com and other frequently used corporate apps. Identify the most cost-effective, low-touch identity federation solution for Office 365.

When Morris Communications decided to migrate from on-premises Office to Office365, Arup Chakraborty, Solution Architect at NIIT Technologies Limited, began looking for a solution that could provide the identity federation services required. If he could identify a comprehensive solution that also provided single sign-on capabilities for a variety of applications across the enterprise, it would be ideal.

Previously, Morris had standardized employees on Box.com for sharing and storing documents across their geographically dispersed environment. The rapid adoption of Box meant that soon the company was purchasing hundreds of user licenses. In order to simplify and manage user accounts and improve access, the company had selected another vendor’s single sign-on (SSO) tool.

But the way the other vendor collected and managed Active Directory credentials didn’t sit right with Chakraborty. “They store user passwords and identities in their own database in the cloud, but because Morris was storing critical information in Box.com we felt that from a general security perspective it was better to store the associated user identity information on our local servers. Only Centrify could give us the option to do that,” he says. While the original SSO product they installed wasn’t ideal for Morris, it was the transition to Office 365 that would ultimately drive the company to evaluate other providers that could solve multiple issues within the environment

THE SOLUTION

After implementing another vendor’s tool for single sign-on and evaluating Microsoft AD FS for Office 365, the company selected Idaptive for its comprehensive ability to provide password management, single sign-on (SSO) and Office 365 identity federation. “Once the move to Office365 was approved, we began looking for a solution to support the migration. We first went down the logical path of evaluating Microsoft’s own AD FS solution,” says Russell Harlan, Director of Learning at Morris Communications. “But we quickly realized that a lot of additional hardware would be required.”

Not only would costly AD FS servers be necessary, additional load balancing and redundancy servers housed in external locations would be needed as well. “An internal administrator — a trained specialist with a deep understanding of AD FS — is also required to build out the environment, manage it, and deal with any issues that arise,” says Chakraborty.

The company estimated that the Microsoft rollout would take upwards of two weeks and cost tens of thousands of dollars. From a business perspective, the company weighed three main criteria:

  • The cost of the hardware
  •  Implementation complexity
  • Continuing AD FS server management costs

They then evaluated Idaptive as an Office 365 solution. “We found that no additional hardware would be required, little administration would be necessary after the rollout, and implementation could be completed in about four hours,” says Chakraborty. “As a solutions architect my job is to provide the organization with the best possible solution, so I strongly endorsed Idaptive.”

THE RESULTS

SSO via Active Directory provides simplified user provisioning, increased ease-of-use and has minimized help desk password resets. Identity federation services for Office 365 saved thousands of dollars in AD FS hardware and administrative costs.

When considering results, Chakraborty notes that the company avoided thousands of dollars in AD FS server costs as well as having to bring in an AD FS specialist. He points to licensing fees as an additional area of savings.

“You have to consider that every employee in an organization has access to all kinds of apps. Morris had over 400 licenses for use with box.com. So when employees leave the company, somebody needs to go in and delete their access to all of these apps across all departments. But that rarely happens, so companies continue to pay for unused licenses for months or years after the employee has departed.”

Accordingly, Morris was continuing to pay Box.com for licenses that were not being used. In just a few months of using Idaptive as a single sign-on solution for Box.com, Morris cut. licensing fees by simply identifying users that no longer required access. “We’re spending about $180,000 a year on Box licenses, so the ability to drop users immediately upon their departure and reassign those licenses to other employees has resulted in substantial cost savings,” says Harlan.

The same will be true for Office 365. “When users leave, their access rights to Office 365 must be deleted or the company will continue to pay unnecessary licensing costs — and users may retain access to Office 365 resources,” says Harlan. “With Idaptive we can disable a user in Active Directory and they’ll be automatically disabled across the board. Morris will save money on licensing and significantly decrease the risk potential.”

“With Idaptive, this type of user provisioning and de-provisioning is easy because each user can be added to a specific group within Active Directory and thereby gain access to everything they need. That means we don’t have to set up individual accounts with apps like Box. This increases ease-of-use, releases employees from having to remember multiple passwords and increases IT productivity,” says Chakraborty.