Apttus is a global leader in the development of high-quality, human-annotated data sets for machine learning and artificial intelligence. With over 20 years of industry experience, Apttus works in more than 180 languages and has access to over a million skilled contractors. Workday, Inc. is Apttus' financial and human capital management (HMC) software provider.
Apttus was using Active Directory as a central location for managing user access and privileges. It was an effective but manual process. "Our inability to manage identities and privileges at scale was impacting every department in the organization, reducing their overall effectiveness for delivering business, and potentially impacting security," says Brian Hicks, IT System Administrator. "Any new users needed to be onboarded through a time-consuming process that involved multiple people. We needed an effective, secure and easy way to automate access controls."
Apttus accesses and manages critical data for its customers. The company's systems and processes are subject to regular audits to comply with customer and regulatory requirements. Apttus needed easier access to user data and the ability to securely manage user privileges across their environment. "We had a process in place, but it was very complex and time-consuming," says Hicks.
After an extensive evaluation process, Apttus chose Idaptive for its superior single sign-on (SSO) features and its Mac management capabilities. Not long after the Idaptive implementation, Apttus decided to make Workday's HCM platform their primary system of record for both people and financials.
Each year, organizations spend millions integrating on-premises HR solutions with identity management software in an effort to achieve a single, secure 'source of truth' when it comes to employee data. But synchronizing personal records and enterprise apps to provide an accurate, up-to-date single system of record can be complicated, particularly when employee onboarding and off-boarding aren't automated.
"As we were implementing Workday, we saw the Idaptive integration announcement and that validated our decision to go with Idaptive a thousand times over," says Hicks. "We quickly realized that we already had a system in place that would automatically manage user access and privileges in tandem with what would become one of the most critically important apps in our entire business."
In 2016, Idaptive partnered with Workday to bring identity management and HCM together into a unified solution where HR and IT could collaborate to address the employee lifecycle gap. At the time the integration was announced, Apttus was using the Idaptive platform to manage access to resources across its infrastructure while providing employees with single sign-on functionality.
"Idaptive had already proven its ability to leverage Active Directory for authentication into our systems at the time we were implementing Workday," says Hicks. "The timing was perfect."
With the sole assistance of the Idaptive instructions document, Hicks completed the Idaptive/Workday configuration in one day. The following two weeks were spent analyzing changes that would be made, ensuring they were appropriate and tweaking the setup. The Idaptive platform was then launched into production. Today, Idaptive is the vital element that sits between Workday and Active Directory and has allowed Apttus to drive everything from the platform upon which they manage human capital.
"We wanted to keep our employee records tightly synced with our systems, so we leveraged the real-time bi-directional software integration," says Hicks. "We built roles based on business rules, departments or divisions in Workday, and then used inbound provisioning from Workday to Active Directory with the former serving as the 'source of truth' for all users. Today, everything that happens downstream is automated and driven by the business rules surrounding a Workday value that's synchronized through Active Directory."
Workday supports enterprise single sign-on with Idaptive Services, making it easy to set up and administer multiple user accounts. Apttus IT centrally provisions new users into Active Directory and other SaaS applications, creates customer access policies, and automatically revokes access as needed."
Since the implementation of Idaptive's Next-Gen Access platform, Apttus has been impressed by the solution's broad impact across the entire organization. Every department has benefitted. Security has improved and auditing simplified. Productivity has increased as employees gained easy, reliable access to resources. Automation has increased productivity within the IT department and engagement has improved as monotonous work was eliminated. Even costs have declined. Among the benefits:
A more robust single source of truth
With the assistance of Idaptive, Workday has quickly become a central component of Apttus' business, essential as a system of record not only for human resources, but for the financials processed through it. Workday is now among the company's most critical business apps.
Previously, a request to remove a terminated employee's access could take hours. With Idaptive, access to every application and system is revoked automatically and immediately, helping to prevent high-impact events. Idaptive's automated processes also minimize the possibility of human error where users may be over-provisioned with access to resources they shouldn't have.
Automated Identity and Access Management
In the past, Apttus' IT department was responsible for manually creating and managing user accounts in Active Directory. With Idaptive, the process is automated–a new hire is assigned to a specific supervisory organization that flows into Active Directory. Based on that, the user is automatically provisioned, saving multiple interactions across the employee lifecycle.
According to Hicks, IT spent between one and five hours setting up system and application access for each new hire. With Idaptive automation, time spent has dropped by 65 percent, saving Apttus hundreds of dollars each time an employee is hired, terminated, or promoted into a role that requires different access rights. Idaptive Auditing helps Apttus track app usage and determine when apps are no longer required or when licensing can be reduced, resulting in further savings.
Idaptive provides clear visibility into who has access to which applications and resources, how they received access, and when changes occurred—simplifying both internal and customer-requested audits.
Improved employee engagement
IT staff assigned to low value and repetitive tasks quickly grow disengaged. With Idaptive's automation of menial tasks, IT staff can focus on higher value and more challenging activities which drives better engagement, performance and a better outcome for Apttus.
Idaptive's single sign-on means users no longer waste time logging into each individual system and struggling to remember passwords. IT Service Desk volumes for password resets is significantly reduced. While automated provisioning and de-provisioning allow Apttus IT to focus on more meaningful problem-solving.