The Norwegian airline with the distinctive red noses
Norwegian Air Shuttle ASA, more commonly known as Norwegian, has been a significant force in European aviation since it began operations in 1993. Dedicated to making air travel more accessible, Norwegian operates from its headquarters in Fornebu, near Oslo, and offers a vast network of routes that link the Nordics, Europe, and beyond. Since 2002, Norwegian has proudly served over 300 million passengers, easily recognized by their aircraft's distinctive red noses.
Access control for 5,500 users
As part of Norwegian’s comprehensive restructuring in 2020, it became clear that effective access control was a major challenges they needed to address. How do you ensure that the right people have the right access to the right resources with minimal friction? This quickly becomes complex when you have 5,500 internal users, as is the case with Norwegian.
Previously, identity and access management at Norwegian was characterized by manual and inefficient processes that could not meet future demands. As part of Norwegian’s shift to a Zero Trust security model, and with the understanding that identity management needed to be both automated and secure, Norwegian decided to upgrade their IT infrastructure and, in collaboration with Cloudworks, began implementing an IAM solution.
You can read more about that process here!
Since then, Norwegian and Cloudworks have worked closely together to further develop the IAM solution. To enhance the control and auditing of identities and access, the airline, in collaboration with Cloudworks, has implemented Okta Identity Governance (OIG), which plays a central role in their security strategy.
Different types of access
One of the newest changes that Norwegian’s pilots, cabin crew, and administrative staff experience with OIG is the ability to request access to various applications and IT systems, as well as specify the exact permissions needed in each system. This can include basic permissions or more advanced access levels, depending on the employee's role and responsibilities.
This targeted assignment of access ensures that no employee has more permissions than necessary for their daily work. In this way, unnecessary or unauthorized access is prevented, which strengthens system security.
When an employee requests access to a system, the request must be approved. This is handled through automated workflows, which not only manage the approval process but also ensure continuous monitoring and updating of access permissions.
Automatic approval and review of access
Many of the access permissions to Norwegian’s applications and systems are automatically assigned based on HR data. If an employee’s role changes, their access permissions are also adjusted automatically, ensuring that unnecessary permissions are removed without manual intervention.
For other types of access, approval is required from a system owner or department manager. When an employee requests these access levels, the automated workflows ensure that the relevant individuals are notified and can review and approve the request.
Additionally, OIG sends out automated campaigns at specific intervals to remind system owners and department managers to review employees' access permissions.
These measures reduce the risk of unauthorized or outdated permissions remaining active and contribute to a more secure and controlled IT infrastructure.
Future-proof solution
To ensure that Norwegian stays prepared for any future IT challenges, the airline has entered into a Managed Services partnership with Cloudworks. This means that Norwegian can count on dedicated support even after regular hours, and Cloudworks is always working to enhance and fine-tune the Okta solution to stay ahead of new threats and meet the airline’s needs.
This ensures that Norwegian’s IT landscape remains adaptable and prepared to handle new threats.
