IB Solutions Logo IB Solutions
contact
Back to clients

IDEO: Global Design Consultancy SSO Integration

Okta-based authentication enabling unified access for a globally distributed design and innovation team

IDEO: Global Design Consultancy SSO Integration
Company: IDEO
Industry: Design & Creative
Website:
Provided services:
Web Development

At a Glance

  • Global team - unified authentication across international offices
  • Okta integration - enterprise identity management for design consultancy
  • Zero manual accounts - new team members provisioned automatically on first login
  • Fluid team structure - contractors and collaborators managed through same system

Lead Web Engineer responsible for building a custom Okta Single Sign-On integration for IDEO’s Craft CMS website (via Solspace Inc.). IDEO is a globally recognized design and innovation consultancy with teams distributed across multiple international offices, requiring unified identity management across their digital properties.

The Challenge

As a global design consultancy, IDEO needed authentication that supported their distributed team structure:

  • International team access: Designers, strategists, and consultants across multiple offices needed seamless access to internal website resources
  • Okta as identity hub: IDEO uses Okta to manage identity across their organization, and the website needed to integrate with this existing infrastructure
  • Dynamic team: Creative agencies have fluid team structures with contractors, collaborators, and full-time staff requiring different access levels
  • Single source of truth: User management needed to flow from Okta rather than requiring separate website account administration

What I Built

Custom Okta SAML Plugin:

  • Craft CMS plugin implementing SAML 2.0 protocol specifically for Okta’s identity platform
  • SP-initiated authentication flow redirecting users to Okta for login
  • Proper handling of Okta’s SAML response format and assertion structure

Automatic User Provisioning:

  • New team members gain website access automatically when added to Okta
  • User attributes (name, email, role) synchronize on each login
  • No manual account creation or invitation process required

User Data Synchronization:

  • Bidirectional attribute mapping between Okta profiles and Craft CMS user fields
  • Role and group membership derived from Okta attributes
  • Profile updates in Okta reflected on the website automatically

Outcome

The integration gave IDEO’s global team unified access to their Craft CMS website using existing Okta credentials. New team members are provisioned automatically, and identity management remains centralized in Okta rather than requiring separate website administration.

Business Impact:

  • No manual account creation or invitation process required
  • Team changes in Okta reflect immediately on website access
  • Contractors and collaborators onboard through the same streamlined process
  • IT team manages one identity system instead of multiple

This removed friction for a fast-moving creative organization where team composition changes frequently and administrative overhead should be minimal.

Interested in Similar Work?

If you're looking for similar solutions or want to discuss your project, I'd be happy to help.

Implemented solutions:

Used technologies: