How Color Line built secure access across ships and shore

How Color Line built secure access across ships and shore

With a hybrid workforce operating across ships, docks, offices and even a hotel, Color Line needed a secure and scalable way to manage users and access. Partnering with Cloudworks, they implemented Okta and built an efficient Identity and Access Management (IAM) solution that automates onboarding, enhances compliance, and keeps operations running smoothly.

From complex systems to a modern security architecture

Color Line is a company that is continuously evolving. With ships, offices, and users spread across Northern Europe, it’s critical that employees can access the systems they need, quickly and securely. Color Line had challenges with complex systems

Over time the growing complexity of manual processes interfacing with legacy systems became increasingly unsustainable, making user access both time-consuming and risky to manage. With a diverse range of user types – from frontline staff and seafarers to IT and administrative teams – ensuring that all needs were accommodated properly became progressively more challenging.

At the same time, compliance requirements were mounting. A potential security breach wouldn’t just impact operations, it could damage trust and business as well.

With more than 3,000 employees, hundreds of applications, and numerous manual processes, administration had become both time‑consuming and inconsistent in terms of quality and security. The only viable path forward was to automate these processes through a modern IAM solution capable of meeting current and upcoming regulatory requirements for audit and control.

Thor Engebrigtsen, CISO at Color Line

That’s why Color Line made a key decision: to modernize its identity and access management and build a security architecture based on Zero Trust. No access without verification. Nothing left to chance.

Color Line is Norway’s largest – and one of Europe’s leading – ferry operators, offering passenger and freight transport between Norway, Denmark, Sweden, and Germany. The company operates a fleet of modern vessels and employs thousands of staff at sea and on land.

Strategic partnership with Cloudworks

To lay the right foundation for a successful IAM transformation, Color Line engaged Cloudworks as a strategic advisor. Through a comprehensive Needs Analysis and Technical Assessment, Cloudworks delivered a clear overview of Color Line’s current IAM status and future direction, mapping out the biggest challenges and opportunities.

With the knowledge and insights from the pre-study in hand, Color Line initiated an RFP and implementation process where the conclusions were clear: Okta Workforce Identity was the right platform to meet Color Line’s needs, offering the flexibility, security, and integration capabilities the organization required. Cloudworks supported the journey from the start, acting as both strategic advisor and implementation partner.

Cloudworks has demonstrated strong technical capabilities and deep maritime industry expertise, combined with extensive IAM and process experience throughout the project. Their contribution has been essential to achieving a successful implementation in our demanding 24/7 operational environment.

Thor Engebrigtsen, CISO at Color Line

A streamlined solution with HR as the main data source

With the strategic direction in place, the next step was to simplify and secure user management across Color Line. A key priority was ensuring that employee data was consistent and up to date across systems; and for that, the HR system was established as the single source of truth for all employee user identities.

Through a direct integration with Okta, user data now flows automatically from HR. New employees are created with the right access, changes are reflected in real time, and offboarded users are promptly deactivated. This has eliminated many of the manual steps that previously introduced delays and potential errors.

Eric Helm, IAM Architect and Technical Account Manager at Cloudworks, highlights the benefits with HR as the main data source:

By gathering all identities and roles in one place, Color Line can now handle access far more efficiently, securely, and consistently. Right away, new employees get correct access, and when someone leaves, their access is automatically removed. This is an important safeguard for both security and compliance.

Built for ships, systems, and scale

Color Line’s IAM solution enables reliable access across sea and shore while reducing risk and manual overhead. Here's how:

HR as source of truth: All identities are managed centrally via the HR system, ensuring accurate and up-to-date user data.

Automated onboarding and offboarding: Okta Workflows eliminate manual steps and reduce human error.

Integration with Color Club: Employees are automatically linked to loyalty profiles, enhancing both data integrity and overall user experience.

Single Sign-On (SSO): Simplifies access across systems while strengthening security.

Multi-factor authentication with YubiKey: Enables fast, secure access on ships, ideal for shared environments.

Passwordless login: Improves usability and reduces password-related support issues.

Automated onboarding and membership with Okta Workflows

One of the innovative aspects of the solution is how Color Line has leveraged Okta Workflows to automate processes beyond traditional IT.

A standout example is the integration with Color Club, Color Line’s loyalty and benefits program. All employees are now automatically registered as members, and their profile is adapted based on their employment status. If an employee leaves the company, their account is seamlessly converted to a standard customer profile, ensuring they retain access to personal benefits while corporate privileges are removed.

Okta Workflows also enable seamless transitions for users who join Color Line after having already signed up for Color Club as customers. In such cases, profiles are automatically linked, avoiding duplicates, and ensuring continuity across systems.

The solution saves time for HR and IT, removes bottlenecks, and improves both employee experience and data governance.

Secure login from shore to ship

To create a seamless and secure login experience across the organization, Color Line implemented Single Sign-On (SSO) and multi-factor authentication (MFA) through Okta. Secure login with Yubi Keys

Onboard the ships, employees use YubiKey – physical security keys – to quickly and securely access shared systems. The setup is particularly effective in environments with rotating crews and limited connectivity, where traditional logins can be a bottleneck.

In addition, users across the company can choose passwordless authentication with Okta Verify, offering both stronger security and greater convenience.

With YubiKey and passwordless login in place, Color Line has reduced friction without compromising security and gained the flexibility to match authentication methods to each user scenario. That’s especially important in a hybrid environment.

Eric Helm, IAM Architect and Technical Account Manager at Cloudworks

Supporting users and keeping operations running 24/7

Rolling out a new IAM platform is never just about technology, it’s about making it work for people in their everyday context. That’s why Cloudworks worked closely with Color Line to support end users directly, including onboard visits to several ships to assist crew members face to face.

As the project grew in scope, so did the need for continuity and operational support. To avoid project delays caused by day-to-day troubleshooting, Color Line opted to include Cloudworks’ Managed Services.

Today, the company benefits from ongoing support and monitoring, including 24/7 incident handling. This round-the-clock support is essential in a business where operations never stop.

Read how Cloudworks' Managed Services helped ferry operator Color Line with their IAM rollout →

Compliance and control, built into the foundation

With operations running around the clock, continuous security and compliance were top priorities from day one. That’s why the IAM solution was designed with a Zero Trust architecture at its core. This means a model where no user or device is trusted by default, and every access request must be verified. Detailed logs is streamed to better respond to emerging situations

This approach now underpins how Color Line manages identity across the organization, from authentication and authorization to audit and oversight.

As part of this compliance framework, Color Line uses Okta to stream detailed logs directly to its monitoring service. This gives the company full visibility into authentication activities and access patterns, and allowing Color Line to immediately respond to emerging situations when needed. This is a crucial capability for meeting ISO requirements and industry regulations for maritime operations.

A secure foundation for the journey ahead

With Okta as its identity platform and Cloudworks as a long-term partner, Color Line now has a flexible and future-ready architecture for managing identities and access across the organization.

By combining automation, compliance and user-friendly design, Color Line is now better equipped to support daily operations, protect critical systems, and adapt to changing needs.

Processes have been streamlined and automated, resulting in significantly improved data quality and security. This, in turn, enhances the user experience, increases organizational efficiency, and simplifies compliance‑related activities.

Thor Engebrigtsen, CISO at Color Line

Want to discuss what this could look like in your organization?

You can contact us here – or book a meeting directly below

Photo credit: Glenn Walmann

Cloudworks Danmark
Cloudworks ApS
CVR-nummer 42900192

Ringager 4A
2605 Brøndby
(+45) 40 30 83 09
kontakt@cloudworks.dk

Cloudworks Sverige
Cloudworks AB
Org.nr. 559376-0142

Hyllie Boulevard 53
215 37 Malmö
(+46) 70 262 80 66
kontakt@cloudworks.se

Cloudworks Finland
Cloudworks Oy
y-tunnus 3501093-8

Linnoitustie 6
02130 ESPOO
(+358) 46 600 1012
yhteys@cloudworks.fi