Do It with Style:
How Stitch Fix Secures and Automates Identities

At a glance

High-growth, fashion-focused startup Stitch Fix was growing more than 70% annually, and supporting thousands of remote users, when they brought in an experienced executive to head up their IT function and infrastructure. What he found was tremendous excitement, burgeoning opportunity—and cause for serious concern.

Challenges

“Because everybody was doing their part of it in the system, we had 45 people who were interacting with the user definition across our organization. We also had over 20 apps being manually provisioned by different people. And thousands of employees with only two people in IT. So we had a lot of rogue IT floating around. With multiple applications, multiple admins, and multiple domains, the challenges started to compound along those lines,” recalls Ravindra Sunku, Director of IT for Stitch Fix.

The company boasts a diverse workforce. In addition to engineers and full-time office staff, it has thousands of remote, part-time employees, from warehouse workers to stylists to corporate teams like client experience. Adding to the complexity, each of these groups has varying levels of access, common applications that need provisioning, and unique applications based on their particular role.

Stylists and warehouse employees, who now make up over half of all employees, frequently join, leave, and return following a seasonal break. For efficiency and productivity, it is key that they become productive as quickly as possible, with appropriate access to all the apps they need, are offboarded securely when they leave, and can smoothly rejoin with their information and data intact.

HR & IT partnership

For its part, the Human Resource (HR) group wanted more employee engagement and interaction with the Workday Human Capital Management (HCM) platform. Once an employee had completed their profile in Workday, they rarely used it again, diminishing its effectiveness.

"We had the HR team joined at the hip on this implementation, because we wanted to make sure that the whole onboarding and all the attributes that need to come from Workday were in line with our downstream IT processes. We were literally working hand-in-hand, trying to define that architecture so that it ties everybody with Workday,” says Sunku.

Sharing a sense of purpose and commitment to success, HR and IT partnered on the components and selection process for a single sign-on (SSO) solution and identity architecture, to fast track onboarding efficiency and productivity.

Solution

Stitch Fix wanted to integrate Workday HCM with an identity access and management (IAM) platform, and as Sunku had implemented Workday previously, he was very familiar with its capabilities. Stitch Fix chose OneLogin over IAM competitors due to the effort the company put into the proof of concept, the collaboration during the evaluation process, and the OneLogin platform -- how well it integrates with existing and planned apps at Stitch Fix, and its roadmap.

Workday Integrations

Stitch Fix has multiple integrations from Workday to OneLogin, including a real-time, bidirectional integration between the two.

Future hires are provisioned before they start, to gather initial data and set up benefits before exposing them to more apps and internal information on their start date.

“We take the standard 8-10 integration fields out of the box and then created a large number of custom attributes, which we're ingesting from Workday, so that OneLogin becomes our hub, where Workday is the source, and from there we become the spoke for every other downstream system. The architecture is geared to promote the single sign-on and onboarding experience. Our vision is how efficiently we can onboard a new hire, to provide that ‘wow’ experience, and ensure they become productive by day two with all the core systems they need access to,” explains Sunku.

Provisioning a Remote Workforce and Rehires

Because of the nature of its business, Stitch Fix has thousands of stylists who work remotely for several months, take a break, and then return. Additionally, employees may change roles, or “cross board” during their time at the company. “We want fast onboarding and crossboarding of course, and as we offboard, we ensure their record is clean, so they’re excited to return. Then we re-provision them with their previous email ID and so on, and all of that is only possible because of our Workday-OneLogin integration, which maintains the unique identity of that individual,” explains Sunku.

Workday as Single Source of Truth

“The integration is architected to support future hires and rehires, and to help create a compelling employee experience. The Workday-OneLogin ecosystem plays a pivotal role for Stitch Fix, helping drive people to interact with the system and rendering it the single source of truth. This was truly a partnership between IT and HR. Collectively, that was the gain, we have many more people interacting with Workday because of the OneLogin integration,” states Sunku.

Results

“The biggest advantage for IT is that we are able to rely on rule-based automation for provisioning and deprovisioning, and leave HR to drive the business process for onboarding and offboarding. IT becomes an enabler to make this happen on a consistent basis and address the security elements as well,” says Sunku.

Engagement and Productivity Drive Savings

With over 6,000 churn events (company hires and departures) per year for remote workers alone, automation of redundant tasks generates tremendous savings for Stitch Fix. “OneLogin has definitely saved us a lot of time, and as we roll out more apps, the value keeps growing over time. From an ROI perspective, based on the number of applications we are provisioning with OneLogin and how that automation accelerates productivity and empowers our workforce, we anticipate very significant savings. And as our growth continues, that number will grow even more,” affirms Sunku.

HR-Driven Identity Drives Efficiency, Engagement and Security

HR-driven identity (HRDI), with integration of HR attributes and identity directories along with role-based access control (RBAC) has streamlined on- and off-boarding business processes. “Unifying the HR directories into IT has definitely helped us drive efficiency. With OneLogin, we're maximizing the use of Workday as our single source of truth for all corporate user provisioning as a mechanism to ensure data consistency and security,” says Sunku.

This has created a compelling user experience and much improved security, and the ability to adapt to changes quickly. Automating redundant tasks produced massive savings and efficiency gains. IT can now leverage clean employee data while owning access security policies. Because IT directory and HR identities are unified, it is easy to keep up with employee status changes. Key to security is that there is a quick “off switch” to prevent user access to applications and data immediately upon departure.

“Because we architected the onboarding and offboarding process from end to end to make Workday the single source of truth, there’s much greater engagement from users. And with OneLogin, nothing in the downstream IT applications can be provisioned without that business event happening, which the HR team has been very thankful for.”

Cloud framework: Small team, high growth

Embracing the cloud framework and identity architecture, IT is able to support a larger organization and employee base with a very small support group. “From when we started, our user base has doubled, remote users have tripled, and our breadth of applications has grown fivefold, yet now with OneLogin, we are able to securely manage it all with a much smaller staff."

Why OneLogin?

OneLogin brings speed and integrity to the modern enterprise with an award-winning single sign-on and identity management platform. Our portfolio of solutions secure connections across all users, all devices and every application, helping enterprises drive new levels of business integrity and operational velocity across their entire app portfolios.

Secure All Your Apps, Users, and Devices