COVER STORY
We wanted it to be an
easy experience for
them and we wanted
it to be intuitive.
“With some of the solutions we looked
at, when we looked at the administration
side and how they would set up security
policies it was very complicated and you
could see how they could easily make
mistakes that then would compromise
the reason why you bought the solution
in the first place.
“So OneLogin seemed like they had
really concentrated on user experience
from both angles.”
The implementation
The solution was initially rolled out in
the UK over a nine-week period which
finished in June this year and then
expanded to Europe and Asia, which
took around four weeks.
Initial teething problems centred around
the inputting of international phone
numbers but OneLogin were very
responsive in resolving the problem,
said Fairless.
The benefits
Tesco now has 140 applications which
are integrated with OneLogin.
“We've got tens of thousands of
colleagues now across the world that
are all using adaptive multi factor
authentication,” said Fairless. “For
example, I've just been to Malaysia,
India and the US. And in each of those
The thing that really
made them come
through was
user experience.
www.intelligentciso.com
|
Issue 20
locations, which are unusual for me
because I'm normally based in the
UK, when I first go to log into one of
those 140 apps that are covered by
OneLogin, I get a notification on the
screen saying ‘we just sent you a
message to your phone, please confirm
in order to continue’. working with the Service Desk team to be
able to put FAQs and self-help and other
things on there for the education side.
“And I then get a push notification which
asks ‘is this you trying to log in?’. You
then approve it and login immediately.” “So being able to work with OneLogin
and them being really reactive to us,
suggesting this stuff and helping, I
guess, from our perspective, us helping
For the remainder of the time the
individual is in that country, they’re not
repeatedly asked to confirm their identity
as the solution recognises that it is a
legitimate login.
“It's about providing us the assurance
that these logins are from bona fide
individuals, but not overburdening the
individual by making them have to do
this process every single time, only when
something looks unusual,” said Fairless.
Tesco received the ‘Most
Collaborative Award’ award from
OneLogin for demonstrating
a fast implementation and
deployment of the solution
through cross-departmental
team efforts. What’s the key to
this success?
“A really big thing for us was that we
wanted colleagues to understand
why we were doing it, not just be the
security team saying ‘you must do this’,”
said Fairless.
“So we worked with the corporate
comms team to create a video which
took about five minutes for colleagues
to view, explaining why we were asking
them to do it, what it would achieve and
then talking them through the specific
steps for installation.”
Although there is an app version,
employees can also subscribe to the
solution as text messages instead, so
if they have an older phone, limited
storage or an incompatible device, they
can use the SMS option instead. “By
working with the comms team, we got this
really clear and quite compelling story
that folks could go through and then
“Then working with OneLogin, and we're
still doing this, we have a number of
observations and builds for them as
we've gone through.
It’s about providing
us the assurance
that these logins
are from bona fide
individuals, but
not overburdening
the individual by
making them have
to do this process
every single time.
them develop their product, from their
perspective, them helping us get this
thing rolled out across all of our users.”
Advice for other CEOs
looking for a multi factor
authentication or identity
access management solution?
“I think it's tempting to go with a vendor
that maybe you already use. Because
it will seem like they're going to take a
lot of the complication and the stress
away, because you deal with them
already – maybe it's an add on product or
something they already do,” said Fairless.
“But instead of taking that for granted, I
would recommend diving into how it is
actually going to work, what it's going to
look like for the user and what it's going
to look like for the admins.” u
53