Connecting 340,000 employees to connect the world

Workforce Identity Cloud

340K

FedEx team members worldwide using Okta for access to their work

250+

SaaS, cloud-native, and legacy on-prem apps integrated into Okta

Five

apps integrated into Okta due to COVID-19 remote-work demands in 36 hours

Five

legacy IAM systems replaced by one IDaaS partner

“Over a 36-hour period, we moved Workday, Office 365, Webex, ServiceNow, Salesforce, Check Point VPN, and Zoom to Okta.”

Trey Ray

Manager, Cybersecurity, FedEx

FedEx Corp. provides customers and businesses worldwide with a broad portfolio of transportation, e-commerce, and business services. With annual revenue of $70 billion, the company offers integrated business solutions through operating companies competing collectively and managed collaboratively under the FedEx brand.

Industry: Transportation

Size: Enterprise

Region: Global

Product(s): Workforce Identity Cloud

Solution(s): Move to the cloud

A 70s startup with its roots in digital

When he founded FedEx back in 1973, Frederick W. Smith was already setting out to lead a digital transformation. He’s famous for saying, “The information about the package is as important as the package itself.” Legend has it that the idea for his iconic company came from a paper he wrote for an economics class at Yale, outlining how overnight delivery service could work in the computer age.

By 1980, FedEx was connecting drivers and sharing tracking information with customers by way of a nationwide wireless network tied into the company’s mainframe computer. By 1994, when websites were a novelty for most businesses, FedEx.com was already offering online tracking information.

FedEx customers have always expected and received high-caliber service based on the latest digital technology, but over the years the company accumulated a wealth of legacy systems and mainframe applications, says Trey Ray, manager of cybersecurity for FedEx. Several years ago, CIO Rob Carter began an IT renewal initiative to modernize the company’s infrastructure.

That journey led to the CIO100 award-winning Cloud Dojo concept, a cross-organizational team of experts practicing and sharing modern development techniques at FedEx. “We use new development tools, such as Spring Boot, Spring Security, and Angular,” says Ray. “We also made an investment in the Cloud Foundry framework.”

Playing identity Whack-A-Mole

Developers, however, found obstacles on the security side of things. “We had spent 20 years spinning up best-of-breed identity and access management (IAM) point solutions,” he says. The company was running a VPN along with on-prem multi-factor authentication (MFA), on-prem federation, and on-prem web access management.

“It was a Whack-A-Mole game, from a security perspective,” says Pat O’Neil, cybersecurity fellow at FedEx. “Each one of those separate IAM solutions was an opportunity to get the configuration wrong.”

Ray agrees. “Although we made these things work together with baling wire and duct tape, the system presented a lot of friction for our software developers,” he says. “They were trying to do things in a modern fashion and having to marry it up with this legacy world.”

The “spaghetti diagram” that constituted FedEx’s IAM infrastructure created headaches and complexity for the rest of the FedEx team, as well. “A FedEx sales guy might have to enter his password five times to get productive in the morning,” says Ray.

In addition, the complex infrastructure limited the company to two identity stores, slowing down acquisition integrations. For a company focused on growing its business internationally and adding new services, that was a problem.

The search for an IAM solution

To solve for IAM, the FedEx cybersecurity team began scoping out identity as a service (IDaaS) solutions. “We read a lot of white papers, watched a lot of YouTube videos, talked to a lot of pundits, and narrowed the field down,” says Ray.

The team put out an RFI which helped to narrow the field even further. “FedEx takes its search for vendors very seriously and is known for being thorough—just ask our Okta sales engineers,” says Ray. FedEx chose Okta.

He outlines six reasons for choosing Okta:

Interoperability with existing FedEx solutions. “Okta was able to integrate where we needed them to,” says Ray. “We’re a big VMware Workspace ONE shop, for example, and there’s tight integration between Okta and Workspace ONE.”

Ease of implementation. “The ability to use a single admin console to manage our work as security professionals instead of bouncing around in four or five different websites—that was important to us,” he says.

API availability. “‘API First’ is one of our IT Renewal tenets,” says Ray. “Much of what you can do with the Okta admin console you can also do with APIs.”

A wide range of MFA options. In addition to Okta Verify with Push, Okta supports hardware authenticators and modern authenticators, such as the FIDO Alliance’s Universal 2nd Factor (FIDO U2F), YubiKey, and WebAuthn.

Universal Directory and the ability to easily aggregate identities from multiple user stores. “We’re a big company. We buy companies, so that means we have a lot of directories,” says Ray.

Turnkey compatibility with key development applications, including Spring Boot, Spring Security, and Cloud Foundry.

Going beyond passwords with Zero Trust

As the FedEx cybersecurity team reviewed the company’s IAM infrastructure with the goal of simplifying and modernizing it, they also had in the back of their minds the broader goal of rolling out a Zero Trust security model.

“Compromised passwords are typically the first step in the data breach kill chain. It’s how an attacker gains initial access before moving laterally across the network looking to escalate privilege,” says Ray. “Passwords alone are no longer defendable or adequate for authenticating FedEx identities and protecting our digital assets.”

Rather than “trust, but verify,” a Zero Trust approach treats all network traffic, internal and external, as untrusted activity. For FedEx, that means verifying users and devices, evaluating each login situation in context, and using the results to tailor the sign-in experience according to the level of trust assigned to it.

The company’s identity provider is a big part of that Zero Trust strategy, says Ray, which is why choosing the right provider was so important. “The Okta Identity Cloud with the identity-as-a-service model, using Okta Universal Directory and Okta Single Sign-On was the solution for FedEx.”

Okta’s support of modern authentication protocols, such as SAML 2.0 and OpenID Connect, means it can support FedEx apps, whether they are SaaS, cloud-native, or legacy applications.

The team is also taking advantage of Okta’s partnership with F5 to bridge the Zero Trust model to legacy on-prem applications. “The F5 BIG-IP Access Policy Manager (APM) performs protocol transformation using modern methods but still sends users back to legacy applications with all the headers or cookies that each application requires,” says Prashanth Karne, cybersecurity principal at FedEx. In this way, the team can secure all HTTP traffic to and from back-office applications without relying on a VPN.

Okta Adaptive Multi-Factor Authentication allows FedEx to add contextual verification requirements for users. The team is currently focused on Okta Verify, but uses older OATH hard tokens for some use cases and is also piloting modern authenticators, such as FIDO U2F, YubiKey, and WebAuthn.

“When I log into the Okta admin interface, I’m able to use Touch ID on my MacBook and it’s very low friction,” says Ray.

Device Trust is the next Zero Trust building block for FedEx—making sure that each device accessing company apps demonstrates a good security and compliance posture. Ray looks forward to exploring Okta Platform Services, which includes the ability to embed Okta on every device and deliver increased visibility, contextual access decisions, and consistent, passwordless user logins.

Using Okta, the FedEx cybersecurity team manages conditional access across the company from a single access policy engine that covers every application in the network. “That’s the brains of the thing,” says Ray. “It helps us tailor the sign-in experience—whether it’s password only, no password at all, or password plus MFA. The engine helps us build those policies and rules and make those access decisions.”

User behavior analytics comprises the final building block of the FedEx Zero Trust strategy. The team uses Splunk and machine learning techniques to mine the rich identity data they collect from Okta, using it to identify suspicious behavior and make proactive policy decisions.

One unified cloud for SaaS, on-prem, and cloud-native apps

The results have been well worth it. The FedEx team is making good progress in decommissioning legacy IAM solutions and integrating their approximately 250 SaaS apps, 500+ on-prem apps, and 400+ cloud-native apps into their Okta solution.

“The nirvana for us is being able to flex our applications into consumption and hybrid situations like colocation or even public clouds to be able to handle volume surges, which can be a challenge in our business,” says O’Neil.

“Now with this model,” he says, “we have one place where we can validate our security posture. Dev teams now have just one token to worry about. They do authentication and authorization in a consistent way no matter where they’re deployed.”

The team is also well positioned when presented with M&A activity, using a lightweight on-prem agent approach to aggregate identity stores into Okta Universal Directory. That strategy helps them integrate new companies much more quickly.

With one cloud-native platform covering SaaS apps, cloud-native apps, and legacy apps—and one unified directory for the entire FedEx workforce—everyone can log in and get to work with less friction and less fuss. At the same time, the company’s comprehensive Zero Trust strategy means FedEx data and applications grow more secure all the time.

Copyright © 2022 Okta. All rights reserved.
