I work for one of Norway's largest employers with 50,000 employees. This is Norway's largest retail chain and we use it for 30,000 workers in retail, 15,000 in warehousing, and 5,000 in the corporate environment. For all of these, onboarding is automated to the HR and we have an old CA, which is now called the Broadcom Identity Management Solution for provisioning into Okta Workforce Identity. In this solution, we take those 50,000 identities and we've now built a B2B portal so that vendors, producers of the stuff that is sold in these retail chains, can log on and do things like plan their shipments, have the accounting done, et cetera, et cetera. So there are about maybe 20,000 people, a total of 70,000 people in this identity space. Last but not least, is the PAM solution. So we have maybe 300 IT staff on shore and we have maybe 600 offshore. I haven't done the latest count, but around 1000 IT workers authenticate through Okta Workforce Identity but are then given access to the PAM solution because the PAM solution protects both our cloud environment and our on-prem environment. We use the cloud to get into the on-prem.
The drawback of this solution is that in our shops, many staff members sometimes have to be borrowed from one shop to another and the solution does not really support having multiple roles. The user experience we would like to have when a person works in shop A which pays their salary is that they should have access to pretty much everything. Maybe you have somebody who is a manager in that shop A, he should be able to order new wear, he should be able to change the pricing, he should be able to empty the cash registry, and ship it to the bank. But when for instance, in COVID, people had to fill in for people in shops where a lot of people were sick, then they had to actually use user accounts of people that work in shop B. If you were employed in shop A, you could not work in shop B without borrowing somebody else's user ID and password. Which is really bad. We haven't been able to work around that and Okta Workforce Identity does not have a solution for it. We are now piloting their identity governance solution. Obviously, it's easy to give somebody access, give them an account, and give them roles, but it's hard to maintain that. For example, if you moved from, say working in a shop to working in a warehouse. But why do you still have all this shop access? The solution has until now not had anything to really support the process of taking away access. But now we are in a better release program of Okta's identity governance solution. Although it's very basic, the solution has started on a journey, but identity governance is something that Okta Workforce Identity really needs to improve. The ability or the options in the solution for changing the look and feel are not good enough because in our partner portal, essentially what they have is an ugly admin interface. The admin interface is good enough for us technical people because that's all we need. We work with the product and we're able to see the data but when it comes to presenting the service portal, Okta Workforce Identity does not have any capabilities really for making it look pretty. To add branding and different graphical user interface elements than Okta basic for essentially delegated admin for the business-to-business portal is horrifying because you're essentially using the tech admin. The only option we had and used, was to take the tech admin console and strip it. so that a vendor that has some goods that are sold in the shops, when they want to add a user on their side, say a driver or a packer on their side who should know how much they've packed in a truck to come to our warehouse, then the user interface that this vendor is using, these functional people will then have to use an extremely basic user interface.
