How do you get hundreds of people to register for a new software management system in a week?

Over the last 20 years, IT has changed. A lot. The dusty stereotype of hooking up beige desktop computers doesn’t match up with today’s professional IT.

Finding ways to boost employee productivity (alongside cybersecurity) gets harder as companies move to cloud-based infrastructures.

Skylar Damiano, IT Specialist at ActiveCampaign, experienced this challenge firsthand. He had to roll out a new system to securely manage access to services and resources for 320 employees and…oh, by the way? He had one week to get everyone on board.

How did he do it?

A single password a day keeps the hackers away (and productivity high)

ActiveCampaign’s size ballooned between 2015 (only 14 employees) and February of 2019 (320 employees).

With that much growth, ActiveCampaign was at a crossroads. Except for email, there wasn’t a unified management of employee accounts. And internal growth was accelerating — ActiveCampaign would add another 180 employees by the end of July.

The company urgently needed a new system.

Why was it such a priority? Because when you manage employee data and access to tools, what do you do when people:

  • Join your company
  • Change internal roles
  • Have access to sensitive data
  • Leave the company

A new industry concept caught ActiveCampaign’s attention: HR-driven identity and access management (IAM).

Identity and Access Management is a system of policies and technologies that make sure the proper people in a company are granted (or denied) access to the resources they need. The goal of an IAM system is to have one digital identity per employee.

Some of the advantages of identity and access management are:

  • Reduced operational costs
  • Minimized security risks
  • Improved IT services
  • Better legal compliance
  • Real-time syncing between departments (like HR and IT)

What is an example of an IAM solution in action?

Employees should create different passwords for each application they use. But they don’t.

59% of employees use the same passwords for all their accounts. So if someone hacks into a single account, they probably will be able to use the same password to access other sensitive accounts, too.

common bad password patternsPeople are terrible at creating secure passwords (Source: WP Engine)

If people create weak passwords, how can you keep things secure?

Single sign-on (SSO). SSO lets employees use one set of login credentials (like username and password) to access all the applications and websites they need.

SSO technology is valuable in another key way, too.

68% of employees toggle between 10 applications each hour. That equals 32 days of an employee’s year. Only having to sign on once saves employees considerable time. And the result of that saved time — improved productivity — saves a company considerable money, too.

ActiveCampaign was convinced: an IAM system with single sign-on technology was the right solution for their evolving security and productivity needs.

Skylar needed to get all 320 employees to self-register on Okta, the SSO platform ActiveCampaign chose.

And he had to do it fast.

The trouble with compliance: How do you get people to do what you need fast?

The process of onboarding everyone onto a SSO system was done with ActiveCampaign automations and CRM.

Skylar started with a pool of 80 engineering employees as a test group. Once they successfully signed up, Skylar knew his system worked. Onboarding expanded to the rest of ActiveCampaign’s (at the time) 320 employees. Each group had a 5-day window to register for Okta.

Getting everyone to register for Okta started with these two steps:

  1. HR creates an account in Namely for every new hire. Most of the personal information Skylar needed for the new SSO system already existed in employee’s Namely accounts.
  2. Skylar transferred employee information from Namely to Okta with a native integration between the two programs

He then placed employees into a “staged” category in Okta. This was an important step, because Skylar had created a Zapier integration between Okta and ActiveCampaign. The “zap” triggered three actions when employees were placed into “staged:”

  1. Every employee entered ActiveCampaign as a contact. Their contact fields automatically populated with their personal information:
    • Job title
    • Department
    • Manager name
    • Office location
  2. ActiveCampaign automatically created a pipeline deal, and placed all the newly-created contacts at the start of the pipeline
  3. ActiveCampaign sent an email to staff to announce the Okta registration window

Okta announcement emailLet your employees know in advance what to expect when processes change.

All staff were now in the first of four stages of the “Okta Activation Pipeline.” Those stages were:

  1. Initial contact
  2. User activated by Okta
  3. User is activated and logged in
  4. Failure to sign up

Okta pipelineSkylar’s pipeline looked similar to this. He was able to follow every employee’s journey through the process.

“ActiveCampaign’s CRM let me visually see what stage of the pipeline employees were in,” says Skylar. “I could keep track of what employees had done or what they still needed to do.”

Bright and early on a Monday morning, the time had come to start the registration process. But would people go through with it?

Back in Okta, Skylar moved all staff from “Staged” into the “Active” category. This triggered the Zapier integration to move everyone to the second stage in the pipeline, “User activated by Okta.”

The second stage of the pipeline triggered a drip sequence of automated daily reminder emails. The emails told employees to activate within 5 business days — and that failure to do so meant they’d lose access to their email on Friday, the cut-off day.

OKta drip automationSkylar’s automated drip campaign to remind employees to sign up for Okta.

There was one problem: Okta didn’t notify the ActiveCampaign platform when an employee had created their password. How could IT stop reminder emails once an employee had signed up?

Skylar created another Zapier integration. Once they registered for Okta, Zapier added a tag that moved employees into the third stage of the pipeline, “Activated and logged in.” That stage removed staff from the email drip sequence.

How well did this combination of CRM, integration, and automation work?

100% staff compliance over five business days.

Not one person reached the final stage on the pipeline — “Failure to sign up.”

“People from other companies have talked about the trouble with compliance to roll-outs like this. 100% compliance is unheard of. And we were able to do it all with ActiveCampaign.” – Skylar

Captain of the laptop fleet: How Skylar keeps everyone up-to-date

After Skylar got everyone to register for Okta, he had a second goal. ActiveCampaign needed a new way to:

  • Keep track of devices
  • Keep software secure and up to date

ActiveCampaign needed an endpoint management solution.

IT chose JAMF pro, the most commonly used tool in the tech industry for MacOS and IOS devices. Since ActiveCampaign is 98% Apple, it was the clear choice.

“It was important for us to use a very robust tool to allow us to secure and manage the 480+ devices that we have,” explains Skylar.

Since the first pipeline had worked so well, IT created a second CRM pipeline for JAMF registration (that was identical to the OKTA pipeline).

“We could have created an automation to trigger them into the new JAMF pipeline as soon as they completed Okta registration. We chose not to though — because marketing automation should be a perfect combination of automation and the human touch.” – Skylar

After staff registered their computers on JAMF, Skylar turned to Zapier again. An integration connected computer IDs from JAMF to their ActiveCampaign contact field.

“Thanks to JAMF, I have insight into the health of the laptop fleet. I know now what version of MacOS everyone has,” says Skylar. “And now that I have the computer ID numbers, I can send campaigns internally at ActiveCampaign to individual people. Like when they need their laptop’s OS updated.”

ActiveCampaign Campy wavingThe last email from the JAMF registration automated drip campaign came from Campy, thanking everyone that signed up.

How else can automation help IT departments?

What’s next for IT automation at ActiveCampaign?

Skylar wants to make automated campaigns to track the health of employees’ computers. With that, he could create a deal pipeline for every employee so he knows when to update or upgrade their laptop.

“We can also help with onboarding.” Skylar ticks off the ways on his fingers, saying, “Staged communications, tips, reminders…because onboarding is a lot to process.”

IAM systems need to be flexible as more employees join a company (and more applications are adopted).

With an IAM system implemented at ActiveCampaign, IT now has the space and tools to turn ideas like Skylar’s into reality.

Skylar Damiano will give a presentation at the Jamf Nation User Conference 2019.