It’s easy to take milk for granted. This staple source of nutrition is such an essential across the world that it’s almost comforting to not think about the work that goes into its production – and its distribution. But it’s a complex business with tens of billions of dollars in trade value at stake.
GlobalDairyTrade (GDT) is a global dairy marketplace that runs online auctions to set prices across a wide range of dairy products for New Zealand’s dairy production industry. Since 2008, GDT has managed these global auctions, shifting from its origins managing the trading via distributing spreadsheets, to a real-time auction platform in 2013 with almost 400 companies from every region across the globe bidding on over 50 dairy product specifications.
"The prices discovered during each auction and published on our website support buyers and sellers across the global dairy industry to trade with confidence,” says Yasmine Bendjafer, Chief Operations Officer.
The process of developing its platform and evolving industry best practice over the past decade highlighted the benefit of adding multi-factor authentication to the GDT auction platform hosted on AWS. Having been built upon a bespoke authentication solution, a process was initiated in 2018 to choose the best path to upgrade identity management for all GDT auction users.
In conjunction with technology partner ClearPoint, investigation and testing of third-party identity solutions through a robust proof of concept approach led GDT to choose Okta as its new authentication provider to be hosted on AWS.
When considering the ongoing maintenance of a bespoke authentication system, GDT and ClearPoint quickly saw that there was much more to be gained by choosing Okta to take its identity needs into the future.
GDT’s bespoke solution was a “well-oiled machine” during its first six years of live auctions, but as the nature of online business evolved over the past decade they saw a need to ensure access was built on a reliable platform that would continue to grow alongside their needs.
The main factor for us was reliability and performance. With the introduction of Single Sign-On across other services and recommendations to introduce Multi-Factor Authentication, it became obvious we needed to leverage specialised expertise and solutions.”
Yasmine Bendjafer, Chief Operations Officer, GDT
For GDT, it was these core features of MFA and SSO that drove the decision for change. The organisation wasn’t seeking new features, just a new foundation for the future security of its platform. But it also soon discovered that there were many added benefits from Okta it would never have gained by sticking to its status quo. Together with Okta, ClearPoint designed and implemented the new identity approach which included extensive modifications to the existing GDT custom software, DevOps and automated testing systems and was hosted on AWS.
Under its old authentication system, GDT had to build manual activity reports for analysis and audit procedures. Discovering that Okta enabled automated reporting tools saved hours of manual effort.
Having compliance with privacy laws built-in out of the box was an added benefit. In a global auction system it was a big help to know GDPR requirements were covered without any added effort from GDT.
For a platform with such importance to the global dairy Industry, GDT and ClearPoint had to keep the auctions running like clockwork while integrating Okta into the auction systems.
“Part of our concern was to make sure that we had an identity management tool that was reliable all over the world,” says Mario Romero, Technology Operations Manager, GDT. “That was part of the decision we made in going with Okta.”
Okta’s ability to support both app-based and SMS-based MFA was key to providing GDT the system it needed to upgrade its identity system while maintaining access for its global customer network, as SMS MFA was a must-have for some of GDT’s customer regions.
During the transition process, GDT worked with ClearPoint to carefully integrate Okta into its existing platform, but still managed to complete the process in just one year without any interruption to its auctions.
After completing its User Assessment Testing processes, the team decided on a two-phased approach while preparing customers for the eventual move to MFA.
“There were a lot of concerns about the use of MFA,” says Romero. “So we started implementing just the login page without the MFA, just to make sure that everything was working fine. We then implemented the MFA at the same time as we moved into a new auction site, so it was really critical for us to make sure that everything was ready.”
People were worried about MFA – they hadn’t had a good experience with other MFA solutions. So we decided to bring people on the journey. There was only a very small percentage of users who needed a bit of hand-holding. From our customer’s perspective, it didn’t have any impact. And that was the main point. It was successful because it was smooth. It shouldn’t be hard. Security should be easy to be effective”
Yasmine Bendjafer, Chief Operations Officer, GDT
With users now enrolled and operating under the Okta-powered identity solution, GDT found the unexpected benefit of having real-time visibility of customers accessing the auction platform through its new Okta-powered pre-auction dashboard.
“We can see in real-time, who’s accessing the system,” says Romero. “It’s been a game changer from a customer service perspective. We know if someone is failing a few times in attempting to login, so we can call them straight away and ask if they need help. The two hours before the start of an auction is the critical time for users to access the platform.”
“Before this we had little visibility, customer service was reactive,” says Bendjafer. “We run a clock auction, so if you can’t login and miss out on the first round you’re out of the whole auction. Identity management can’t fail us. Having that comfort of the reliability that a product like Okta provides is paramount to us.”
From their experience, the GDT team feels that other organisations might have some understandable fears of enforcing MFA on customer access, but they should stop worrying when they integrate a tool like Okta.
“It’s more straightforward, with more and more sites requiring MFA for access,” says Romero. “You can determine the frequency for MFA authentication as well, whether it’s per device or per day. Customers are comfortable with it.”
“People have an allergic reaction to change which we certainly felt early on,” says Bendjafer. “Having the peace of mind and the intangible benefits, definitely makes it worth it. We recommend you put this in the hands of people whose core business is identity management and the security around it.”
Now with an upgraded auction platform with identity powered by Okta, GDT is ready for its future developments, and a key part of this is having a reliable identity management system.
ClearPoint are proud to be official implementation partners with Okta and Auth0 – trusted CIAM solution providers. We’ll work with you to understand your needs and implement the right solution for your organisation. ClearPoint can provide the service to implement & integrate the right solution as well as provide subscription licenses that work for you. Find out more here.