Criteo meets identity security needs with SaaS

Taking on the challenge of an evolving workforce 

Criteo’s growth called for changes in how they handled identity management for their workforce and external partners. For Criteo, which has been listed on the stock exchange since 2013, the need to control the life cycle of identities had become overwhelming, as had the need to recertify access, generate regular reports and automate a central building block.  

This need was made all the more apparent by the fact that Criteo’s IT department had originally created its own identity management solution; developed and deployed by its internal engineering teams. The solution initially covered several hundred and later several thousand users. Criteo’s IT department then realized that this customized approach, which was created in the spirit of a tech start-up, had generated substantial costs over a number of years and was ultimately not very profitable. The company estimated that eight full-time equivalent developers were exclusively dedicated to identity management.  

“We realized that our job was to provide IT services rather than developing a proprietary IAM solution,” says Jérôme Robin, IT Platform Tribe Leader at Criteo. 

The company completely changed its philosophy in 2021, when Criteo’s IT department decided to replace its historical solution and move to a standard SaaS approach.  

Seeking an IAM Solution

The search for a standardized, mature, cloud-based solution first led Criteo’s IT department to benchmark the market. Relying on recognized experts, in particular Gartner, the teams initiated a study on identity governance and administration. The first challenge was to be able to identify the exact product that the engineers really needed internally. “Putting a name to what we needed was not easy: in fact, we were looking not for an IAM (identity access management) but for an IGA (identity governance and administration) infrastructure,” recalls Jérôme Robin. 

Criteo’s approach focused on a deployment model, with the aim being to find a SaaS solution. For the teams in charge of the project, this type of architecture was indeed more durable and fitted in to the evolving future prospects. It was also in line with Criteo’s global philosophy including their DevOps approach and ability to generate micro releases. This agile mode was a major objective.

“We did not want a monolithic, old-fashioned product, but a scalable and flexible solution,” explains Jérôme Robin. 

The company also wished to entrust the solution to one of the biggest companies in the market, which alone could meet 90% of the needs expressed. After identifying the major players in the ecosystem, Criteo’s IT team selected SailPoint as the leader in this area.  

Choosing SailPoint

Identity Security Cloud, the SaaS solution from SailPoint, was soon deployed and won over Criteo’s IT teams. The SaaS model was a first advantage, both when compared to the solution developed in-house for the past eight years and with regard to the competition. SailPoint met both the technical and the strategic needs set by Criteo.

Another strong point highlighted by the project team was the user experience of the SailPoint tool. “The end-user interface of Identity Security Cloud is certainly the best we have seen,” says Jérôme Robin. This feature is particularly appreciated as the UI is similar to the solution deployed internally in previous years. “For us, the user experience and the look and feel are decisive aspects. We like this intuitive approach, which avoids having buttons everywhere.”

Criteo’s third strong decision-making point is the native integration of ServiceNow. This possibility is essential as the solution is to be installed throughout the organization as a one-stop shop for all their user requests.

Onboarding procedures for new recruits also have a positive impact on the Criteo team in charge of the new identity management solution. The onboarding system of Identity Security Cloud is tighter and more effective than the old solution and makes it possible to send a single email from the first contact with a new employee. This enables Criteo to become more efficient and flexible, while offering more individualized approaches to onboarding. 

The Advantages of Identity Security Cloud

Just a few months after the deployment of the SailPoint Identity Security Platform, Criteo has made numerous improvements.

The main benefits are above all organizational and financial in nature. By reducing technical complexity, simplifying its needs, and standardizing its approach via the cloud, Criteo is creating a major appeal among the teams of engineers in charge of identity management. Since migrating to Identity Security Cloud, the company has only had to allocate 1.5 to 2 people full-time to IAM. “Today, I have one person dedicated to run tickets and bug management, and a half-position that focuses on the technical aspects of the solution, things that aren’t working and need to be improved,” Jérôme Robin explains. This result must be linked to the savings realized over the former in-house infrastructure.

Identity Security Cloud also generates clear satisfaction among end users. While some advanced users still wish to benefit from exceptions to standardized processes, overall, the identity management solution is deemed easier to handle and understand.

In technical terms, Identity Security Cloud allows many certification campaigns to be carried out automatically. This capability ensures the compliance of Criteo’s teams, with the teams also declaring that they are aided by the existing API for automation.

Identity Security Cloud also has many new features. For example, the Segregation of Duties feature, carried out directly in the applications and which had been identified at the time of the RFP. This is also the case with the onboarding procedure, which makes it possible to provide complete communication on Criteo while generating a link in order to create the first password. Management of administration accounts is also improved, highlighting certain differences related to the departments to which they report or to the more or less technical user profiles, and whose output must be correlated insofar as they are linked to each other.

Future plans

This year, Criteo plans to leverage AI capabilities in their Identity Security Cloud implementation. These valuable tools enable teams to make the most of their working hours. This strategic shift will become increasingly important for Criteo engineers as the internal organization continues to evolve.