Learn how a non-profit organization achieved significant cost reduction, enhanced end-user experience and established a true identity security system with Azure AD, part of Microsoft Entra.
Executive Summary
An education-focused non-profit requested support addressing pain points and projects related to information management, user identities, multi-factor authentication (MFA) and a secure single sign-on (SSO) implementation.
The Client
A US-based not-for-profit focused on education, social and health support located in an urban area. By addressing multiple aspects of generational poverty, the organization seeks to create a positive and nurturing environment that fosters academic success, personal development and a brighter future for the children and families it serves.
With over 1,000 employees, several locations and its vital work within the community, it was essential that the project was completed quickly and efficiently with little impact to the user. The education-focused non-profit requested support addressing pain points and projects related to information management, user identities, multi-factor authentication (MFA) and a secure single sign-on (SSO) implementation.
The Challenge
The client was looking to move away from a competing file management and directory system to Azure Active Directory (Azure AD). The client had identities in both Google and Microsoft, managed by Okta, and was looking for a streamlined identity platform based on Microsoft Azure AD, now Microsoft Entra. Migrating to Azure AD would involve modernizing the company’s SSO, MFA, identity management and access controls to make sure users have the right level of access to the right resources at the right time. The SSO task was further complicated because not all of the critical legacy applications used the same digital identity process. The client brought in Withum’s Digital and Technology Transformation team to ensure a successful migration and effectively manage any associated risks.
The main tasks that the organization wanted to address were:
- Simplifying user account management by getting rid of duplicate accounts, which will reduce confusion and make it easier for IT to handle
- Making it possible for Microsoft 365 and Google Workspace users to work together seamlessly by allowing them to share their global address list and calendars
- Ensuring that user email addresses/user principal names (UPNs) remain the same across Azure AD and Google to avoid causing inconvenience to users
- Automating the process of managing user accounts between Azure AD and Google to improve security and reduce the workload on IT
- Switching from the legacy file management and directory system to Azure AD’s native capabilities (SSO, conditional access and identity management) to save costs and streamline IT workloads
The Approach and Solution
To maximize collaboration and ensure project success, Withum’s team began by recommending Microsoft Teams as the primary communication platform throughout the migration project.
By recommending and using Teams right from the start, both Withum and the company’s stakeholders could efficiently communicate and troubleshoot any challenges.
Once a communication strategy was determined, the real work could begin. Withum’s team approached the project by doing a deep dive into how the organization managed user access and identity and what systems and processes were currently in place. With an understanding of the legacy setup, Withum could move forward with the requested improvements. Withum made a list of all the applications that were currently handled by Okta with a Google directory. Each application and program was studied to understand what it did, how they worked together and what other programs each needed to connect to.
With a meaningful understanding of the current state, Withum developed a detailed plan on the necessary steps to complete the project and address pain points. The main focus was ensuring a smooth, hassle-free transition to Azure AD/Microsoft Entra without causing undue disruptions to daily business.
The Results, ROI
The company’s upgraded systems were launched with little impact to day-to-day operations. The original goals of simplifying account management, enabling Microsoft 365 and Google Workspace users to work together, ensuring UPNs remained the same, automating account management, and successfully launching a new file management and directory system powered by Microsoft Azure AD were accomplished.
Through careful planning, Withum’s team was able to complete the migration, which provided enhanced security, reduced costs and an improved user experience through an effective and robust identity management setup.