How Vercel uses Indent to manage access to everything, including Vercel
- 250 - 500
time to access
Vercel's IT Admins save
As a platform for front end developers to build, deploy, and collaborate on web applications, Vercel prizes their internal developer culture. Engineers are encouraged to move quickly, empowered by the product they’re building.
Their rapid growth as a company sparked a desire to implement best-in-class protection for their customer and production data.
Vercel started with a few close-knit engineers working on the product. With everyone working on the core foundation of the product, every member of the team had super admin permissions.
As they began to scale, the easiest way to give new engineers production and application access was to give them permissions that matched the initial core group of engineers.
But that wasn’t sustainable from a security or cost perspective.
For example, Vercel uses lots of SaaS applications that require a different (and more expensive) license for a specific elevated role, like an editor versus a reader/viewer. Most folks only needed the viewer permissions, but were being given the more expensive editor permissions as default as part of onboarding.
Giving everyone a license was cost prohibitive, requiring them to occasionally manually switch people out.
Vercel needed to solve two access related problems:
The answer became clear: on-demand, time-bound access. With it, people would be able to get the right sized access in terms of both permissions and duration.
...At some point you just have too many people with super admin, too many people with licenses that they never ended up using.
IT Ops Engineer
Faster, Right-Sized Access
Vercel partnered with Indent to implement on-demand access, and saw improvements both in the developer workflow and time savings for the IT team.
For the roll-out, SCIM provisioned resources were connected to Indent, allowing their engineers to create access requests (petitions) right from Slack. For non-SCIM provisioned resources, they have Indent handle the approvals workflow and FreshService handle the permissions provisioning.
Having Indent handle the access approvals workflow and initiate SCIM provisioning when possible saves Becky Vredenburg, IT Ops Engineer at Vercel, at least 5 hours a week.
“If somebody needs to be an admin in our Vercel environment for something that's great, but maybe they only need it for an hour. They can be a developer the rest of the time and then we can flip them into what they need for an hour.
We like the fact that there's a paper trail [that shows] they requested it, this person gave them access, [and] it was cut off at this time. That way if anything ever comes up, we have this very clear outline of who has it, why they had it, and we have this verification that it was retracted. Having to set a reminder for me to go in and pull their access is just a waste of resources.”
She also noted that it hasn’t negatively impacted the speed of the development teams. Within 24 hours of rollout, she saw adoption.
“They use it all the time. They pull their own licenses, it expires, they pull another one when they need it. And it seems to have been really seamless.
We looked at it [and] this is actually faster because we can set some of these things to auto approve for short periods of time, so now they don't have to wait for us.”
For cloud app access, developers at Vercel wait just three seconds on average.
“[Before with some apps], we would have to see if there was a seat available at that time because they were full. We'd have to kick someone out and have that argument, put another person in. Whereas now the seats are automatically rotating and they're always available.”
And the feedback from the developers, or lack thereof, has been telling.
“The best feedback is crickets. If we tell our team to do a thing and then everyone just goes off and does it, that to me speaks volumes because that means it worked all the way from our least technical person to our most technical person.
It's just been silent. Like everyone does it and it just works.”
This is actually faster because we can set some of these things to auto approve for short periods of time, so now they don't have to wait for us.
IT Ops Engineer
On-Demand Access For Everyone
With Vercel’s deep investment in Indent and FreshService, they will look forward to rolling them out to their People, Payroll, and Biz systems teams, not just engineering and IT.
Our people team, our payroll team, business systems, everybody [is] going to be using [Indent].
IT Ops Engineer