CASE STUDY
The solution protects against unauthorised
access to critical corporate data while cutting
management time and costs for the business.
Why OneLogin?
“We trawled quite a wide net through
the market,” said Fairless. “We ended up
looking at eight solutions and got down to
a shortlist of three.
“OneLogin wasn’t the biggest or the most
established – it is quite a new player in the
market. But the thing that really made it
come through was user experience and
that’s from two different angles.
“It was very important to us that if we
were going to ask 450,000 people to use
this thing – many of whom are not what
we would describe as digital natives – we
wanted it to be an easy experience for them
and we wanted it to be intuitive.”
Equally important, he said, was a solution
that would be intuitive for administrators.
“With some of the solutions we looked at,
when we looked at the administration side and
how they would set up security policies, it was
very complicated and you could see how they
could easily make mistakes that then would
compromise the reason why you bought
the solution in the first place. So OneLogin
seemed like it had really concentrated on user
experience from both angles.”
Malaysia, India and the US. And in each of
those locations – which are unusual for me
because I’m normally based in the UK –
when I first go to log into one of those 140
apps that are covered by OneLogin, I get a
notification on the screen saying ‘we just
sent you a message to your phone, please
confirm in order to continue’.
“And I then get a push notification which
asks ‘is this you trying to log in?’ You then
approve it and login immediately.”
For the remainder of the time the
individual is in that country, they’re not
repeatedly asking to confirm their identity
as the solution recognises that it is a
legitimate login.
Initial teething problems centred around the
inputting of international phone numbers
but OneLogin was very responsive in
resolving the problem, said Fairless.
The benefits
Tesco now has 140 applications which are
integrated with OneLogin.
“We’ve got tens of thousands of colleagues
now across the world that are all using
adaptive multi-factor authentication,” said
Fairless. “For example, I’ve just been to
www.intelligentcio.com
“By working with the comms team, we got
this really clear and quite compelling story
that folks could go through and then working
with the Service Desk team to be able to put
FAQs and self-help and other things on there
for the education side.
“Then working with OneLogin, and we’re
still doing this, we have a number of
observations and builds for it as we’ve
gone through.”
WE’VE GOT TENS OF THOUSANDS
OF COLLEAGUES NOW ACROSS
THE WORLD THAT ARE ALL
USING ADAPTIVE MULTI-FACTOR
AUTHENTICATION.
“It’s about providing us the assurance that
these logins are from bona fide individuals,
but not overburdening the individual by
having them have to do this process every
single time, only when something looks
unusual,” said Fairless.
The implementation
The solution was initially rolled out in the UK
over a nine-week period which finished in
June this year and then expanded to Europe
and Asia, which took around four weeks.
Although there is an app version,
employees can also subscribe to the
solution as text messages instead, so if they
have an older phone, limited storage or an
incompatible device, they can use the SMS
option instead.
Tesco received the ‘Most
Collaborative Award’ award from
OneLogin for demonstrating a fast
implementation and deployment
of the solution through cross-
departmental team efforts. What’s
the key to this success?
“A really big thing for us was that we wanted
colleagues to understand why we were doing
it, not just be the security team saying ‘you
must do this’,” said Fairless.
“So, we worked with the corporate
comms team to create a video, which
took about five minutes for colleagues to
view, explaining why we were asking them
to do it, what it would achieve and then
talking them through the specific steps
for installation.”
Fairless said that being able to work with
OneLogin and with how reactive the
company was towards Tesco, from Tesco’s
perspective – the key to success has been
the fact it has helped OneLogin develop its
product. From OneLogin’s perspective, the
key to the success has been helping Tesco roll
out the solution across all of Tesco’s users.
Advice for other CEOs looking
for a multi-factor
authentication or identity access
management solution?
“I think it’s tempting to go with a vendor
that maybe you already use. Because it will
seem like they’re going to take a lot of the
complication and the stress away, because
you deal with them already – maybe it’s an
add-on product or something they already
do,” said Fairless.
“But instead of taking that for granted, I
would recommend diving into how it is
actually going to work, what it’s going to
look like for the user and what it’s going to
look like for the admins.” n
INTELLIGENTCIO
65