How Keiki Standardized Access Management with Okta and Cloudfresh

When a company grows quickly, access management shifts from a background IT task to a critical part of daily operations. Each new hire requires access to 20+ tools, and shared accounts across teams add further complexity.

In this setup, security must not slow people down. It needs to work automatically, without delays, repeated approvals, or manual errors.

To bring structure to access management and prepare for further growth, Keiki partnered with Cloudfresh, an official Okta partner.

When Team Growth Increases the Number of Accesses

As the team expanded, so did the number of services required for everyday work.

At the start of the project, Keiki had around 40 employees, each using more than 20 tools. Manual provisioning meant hundreds of repetitive actions during onboarding, plus additional checks during offboarding.

Their previous password manager stored credentials but did not provide centralized control. The team needed a system that would work reliably for both 40 and 100+ employees without adding operational overhead.

One System Instead of Dozens of Logins

After implementing Okta, access to all company services was consolidated into a single system.

Defined Access for Every Role

Instead of assigning tools one by one, Keiki introduced role-based access groups. Each role is linked to a predefined set of services.

Now, access is granted automatically based on position. New employees start with everything they need on day one, without waiting for manual setup.

When someone changes roles or joins a project, additional permissions are assigned through the same system—no email chains or approval loops required.

Security Became a Structured Process

Okta established consistent access control rules across the organization:

• Single Sign-On (SSO) — employees use a single account to log into all work tools without needing to create and remember separate passwords. This simplified daily work and reduced the number of password reset requests.
• Multi-Factor Authentication (MFA) — system access is protected by an additional verification factor (e.g., via push notifications or a one-time code), significantly reducing the risk of unauthorized entry.
• Centralized Access Management — the IT team gained the ability to assign access to necessary services based on employee roles and quickly revoke them when roles change or employment ends—without sharing or storing passwords.

Administrators also introduced password policies (length, complexity requirements), reducing the risk of compromised accounts and improving overall security posture.

This approach made access easier to manage and simplified audits.

Shared Accounts Without Security Risks

Shared accounts are common across marketing, product, and operations teams—but they often introduce risk.

Together with Cloudfresh, Keiki introduced an approach to manage shared access through Okta.

The team can now grant access without sharing passwords, control MFA from a single place, and keep operations running smoothly regardless of team changes.

As a result, access to critical tools no longer depends on a specific person or device.

Built for Continued Growth

The new system supports Keiki’s current structure and scales without requiring redesign as the team grows beyond 100 employees.

Results

• Thanks to groups and templated onboarding, the time it takes to gain access has been reduced from ~1–2 business days to ~10–30 minutes. New employees can start working on their first day with no waiting time.
• The number of IT requests related to access in the first two weeks decreased by ~50–70%: from ~3–5 to ~1–2 tickets per person—reducing repetitive tasks for IT and helping teams get started faster.
• Access revocation during offboarding now takes minutes instead of hours (~5–15 min), lowering the risk of unauthorized access and improving control over company systems.

Okta now serves as the foundation for managing access as the company grows.

What’s Next: Okta Identity Governance and Okta Identity Threat Protection

After centralizing access, the Keiki team and Cloudfresh plan to introduce Okta Identity Governance and extend security with Okta Identity Threat Protection.

Okta Identity Governance will allow employees to request access directly in Okta, while team leads approve requests without involving administrators. This will shorten access approval time and further reduce the number of IT requests.

In addition, Keiki plans to use Okta Identity Threat Protection to monitor user activity and respond to risks automatically. The system evaluates behavior, session context, and security signals to detect anomalies and trigger actions such as additional authentication or session termination.

How Cloudfresh Supported the Okta Implementation

Working with Cloudfresh helped Keiki deploy Okta as a centralized access management system and prepare for team growth. The company received not just a tool, but a structured access model aligned with its organizational setup.

Cloudfresh provided professional Okta configuration services, helped define the right setup, prepared the Implementation Plan, and introduced a controlled approach to shared accounts with clear ownership and access rules.

Support remained a key part of the collaboration: guidance during launch, консультации after implementation, and assistance with further system improvements.

As a result, Keiki now operates with a managed access model that reduces IT workload, speeds up onboarding, and supports growth while maintaining strong security controls.