Challenge: 

• Distributed workforce with manual device lifecycle management
• Disconnected HR and IT systems
• Monthly manual data synchronization
• No device warehouse capability
• Access rules breaking over routine changes

Solution: 

• Migrated from Kandji to Rippling IT’s MDM solution while maintaining Okta integration
• Automated onboarding/offboarding workflows
• Implemented device warehousing and buyback
• Achieved zero-touch deployment

When Good Tools Don't Work Together

Productiv is headquartered in Palo Alto, CA, while Josh is one of several employees based in New York. He joined to lead security, but quickly took on the company’s IT function as well.

Before Rippling IT, Productiv had largely functional systems in place – Kandji for MDM, Okta for identity management, and various tools in between – but the gaps between those tools were costing them time, efficiency, and employee experience.

"We had zero IT representation in Palo Alto," Josh explained. "What that meant was I was having to ship laptops back and forth, jump on calls with our HR team, who were my hands-on keyboard, to help turn over our laptops. We were spending hours a week."

The process was painful: ship devices to California, schedule Zoom calls to coach non-technical HR staff through resets, and troubleshoot remotely when things inevitably went wrong. "Sometimes it was almost a comedy of errors," Josh said. "We've now wasted — I'd say wasted, we've had to invest — time from two, potentially even three people, all to get 2-3 laptops reset just so we can redeploy them."

Furthermore, their prior HRIS had no seamless integration with Okta, forcing Josh's team into a monthly ritual of pain: download HR data, export Okta data, run manual diffs in spreadsheets, then update fields one by one.

"We were constantly having data that's out of sync," Josh said. "As soon as we've updated the data, it's out of sync. We couldn't trust that data to do things like programmatically assign access."

When departments changed names — like when "Customer Success Manager" became just "Customer Success" — Okta rules broke without warning. New hires showed up without the right access, and Josh's team had to troubleshoot for hours before figuring out what went wrong.

"Any time there is a process with a human in the loop, you're expecting them to do the same task over and over again," Josh explained. "That's not a repeatable process. All it takes is one sick day, one person to leave, and that entire process falls down."

When Josh's HR team mentioned Rippling had warehousing capabilities, he agreed to take a call with the account manager. What he discovered went well beyond standard device management.

Warehousing: The Feature That Changed Everything

"They started going through all the different capabilities, and the one that really stood out for us based on the pain point we were experiencing was the warehousing capability," Josh said.

The pitch was simple: Rippling could handle device procurement, MDM enrollment, warehousing, cleaning, and redeployment, eliminating the Zoom coaching sessions, the manual troubleshooting (and yes, even some complaints around those redeployed laptops not being cleaned properly). 

I would speculate within the next year or so there's not going to be a lot of difference between the MDM players. Rippling IT has been addressing and closing those gaps so fast. A lot of it comes down to preference, and for us, the integrated ecosystem made all the difference.

Josh Mullis

VP of Information Security at Productiv

"All I have to do is go into the system, click the address I want to send it to, which is already populated because we have the individual's HR information," Josh explained. "It sends the box directly. They pack it up, and they send it to Rippling. Because it has the MDM, Rippling can rotate it for us, give us an assessment of the state of the device, clean it for us, and redeploy the MDM onto it."

The result? "The next time we're ready to ship it out, our team — not even an IT team or HR team — has an inventory they can go select from based on prebuilt deployments, have it shipped out, and I haven't lifted a finger for any of it."

Zero-Touch Onboarding That Actually Works

But warehousing was just the entry point. As Josh explored Rippling's capabilities, he saw an opportunity to eliminate the entire manual onboarding workflow.

14 days before they start, the device gets shipped out. Seven days before they start, Okta access is provisioned. When they get their device, they open it up, they take that password, they log in, the MDM is deployed on their device, and at no point has my IT team had to lift a finger.

Josh Mullis

VP of Information Security at Productiv

Today, Productiv's onboarding process is fully automated:

• When someone accepts their offer: An automated workflow kicks off, creating a Jira ticket with all necessary information
• 14 days before start date: Device ships automatically, trackable through the UI
• 7 days before start date: Okta access provisions automatically, group assignments flow based on HR attributes
• Day one: Employee receives their device, enters their password, MDM deploys automatically

"At no point has my IT team had to lift a finger to do anything other than track the ticket and make sure the device was received," Josh said.

The transformation extends to offboarding. When HR sets a termination date, a Jira ticket generates automatically via webhook, access revokes within minutes of the end date, and device retrieval boxes ship automatically, all without IT intervention.

"Our HR team is now empowered to go take those actions," Josh explained. "We still get the ticket. We're still in the loop. We still have all the auditability that we need, but they're empowered to do those things."

Bring Your Own IdP: The Okta Integration Story

Josh was firm from day one: "We were not willing to jump over from Okta. That was and still is a firm thing."

Productiv had invested heavily in their Okta setup, with 90%+ of the company’s applications behind their SSO and birthright access fully configured already. 

That said, he was pleasantly surprised to learn that not only was sticking with Okta as their IdP not a dealbreaker, Rippling IT offered a smooth integration with advantages of its own.

While Okta continues to handle the actual SSO experience for end users, Josh found that Rippling's IAM tooling helped him perfect the logic underpinning their access assignments. 

The preview capability was another game-changer that clarified the value. 

"One of the most elegantly designed parts of the product, in my opinion, is the group assignments," Josh said. "You can go in and based on any attribute that's available to a user or team, you can use those to assign access programmatically.”

"Most importantly, we can see what the impacts of those are before we post them," Josh explained. "There's a simple button you can click to preview, and you can test around. You can see what it's going to change. And then even between the two systems... You can see where drift has happened."

No more broken rules when department names change. No more trial and error. No more surprises.

Compliance Through Automation: The SOC 2 Advantage

For Josh, Rippling’s automation capabilities have made Productiv’s compliance posture that much easier to maintain. 

"Any time there is a process with a human in the loop, you're expecting them to do the same task over and over again. That's not a repeatable process. All it takes is one sick day, one person to leave, and that entire process falls down."

When it comes to SOC 2 audits, manual processes are where exceptions get noted, and exceptions damage customer trust. Before Rippling, proving compliance meant collecting evidence from potentially 100 different tickets for each control.

Now? "Instead of needing a sample set of 100 different tickets, you can just show them where the workflow lives, give them a couple of examples," Josh explained. "Instead of collecting evidence of 100 outputs, you can show one."

The automated workflows create a paper trail by default. When HR marks a termination date, a Jira ticket generates via webhook. Access revokes within minutes, logged and timestamped. Device retrieval initiates automatically. Every step is traceable.

I have full confidence in our repeatability from an audit perspective. When it comes time to do our SOC 2 Type 2 audit every year, I just go: here's all of our tickets. I can show you the logs directly from Rippling as required.

Josh Mullis

VP of Information Security at Productiv

The shift from reactive to proactive compliance is fundamental. "We're no longer having to worry about missing compliance. It's taken a lot of stress and pressure off. Now we can triage, double check, make sure the rules are still working as intended."

Device Buyback: The Feature that Completed the Circle

For years, Josh has dealt with device buyback the old way: holding onto divides for months on end, manually wiping them when he got around to it, and shipping them to third parties to take care of them from there.

Rippling IT’s Device Buyback feature is both, Josh says, a genuine problem solved for him as an IT leader, as well as proof of the responsive feedback loop he’s experienced working with Rippling since implementation. 

"I no longer have to worry about getting myself in the loop," Josh said. "The only thing I have to do is go into the system, identify the device I want to sell back. There's a pre-populated quote, so I know exactly how much I'm going to be getting. Once I click it, there's also a capability to remove from Apple Business Manager, so I don't even have to remember to go log in."

Three clicks. Device ready. Credit back in weeks. No manual cleanup required.

And again, Josh sees that as evidence of the trust between customers like himself and Rippling IT’s product team. 

"You can message them directly in the app," Josh noted. "There are community events. They're on Mac Admins. There's a lot of different mechanisms to reach out to Rippling IT. And almost every time you get a response within minutes, if not a couple of hours."

“All those things are directly feeding into the roadmap, which we can see coming out quarter over quarter. Case in point, Device Buyback: the community was asking for it pretty loudly over the last year. They announced it, they held true to it, and we've already seen the benefits."

Device Buyback — the community was asking for it, they announced it, they held true to it, and we've already seen the benefits.

Josh Mullis

VP of Information Security at Productiv

Eliminated Manual Device Management

What used to require hours per device — coaching HR staff through resets, troubleshooting over Zoom, cleaning and prepping for redeployment — now happens automatically through Rippling's warehouse.

Zero-Touch Onboarding Achieved

From offer acceptance to a fully configured device with all access provisioned, Productiv's onboarding runs without IT intervention. "Whereas before we had to go manually purchase and provision, now all it takes is for them to accept the job offer. Everything else flows smoothly from there."

Eliminated Monthly Data Reconciliation

That painful monthly ritual of downloading data, running diffs, and manually updating fields? Gone. HR changes flow automatically to Okta through Rippling's integration.

Time Savings Per Employee

"It could be anywhere between 30 minutes to a couple of hours per person," Josh said, "depending on what effort we have to put into it that we're no longer having to do."

Transformed IT-HR Relationship

"It's really upped our maturity, improved the relationship between our HR team and us, aligned our practices much more tightly," Josh explained. HR can now handle time-sensitive actions like involuntary separations without waiting for IT, while IT maintains full auditability.

Compliance Confidence

"Because we're no longer having to worry about those manual actions, we no longer have to worry about missing compliance," Josh said. "It's taken a lot of stress and pressure off."

Because we're no longer having to worry about those manual actions, we no longer have to worry about missing compliance.

Josh Mullis

VP of Information Security at Productiv

Instead of collecting evidence from 100 individual tickets for audits, Josh can now show auditors the automated workflow and a few examples — dramatically reducing audit preparation time.

Strategic Freedom

"If we can get rid of the noise, we can get rid of the tedious manual tasks, well, now we can go start to look at things like workflows and how can we start to automate and how can we build on processes and make a better end user experience," Josh said.

Josh frames Productiv's Rippling journey as an ongoing maturity curve. "When we first brought Rippling in, it was to address some very targeted pain points... But over the last 15 months, it's really been a maturity journey."

Recent wins include:

• Sitting down with each department leader to document birthright access requirements
• Rebuilding all group assignments using attribute-based provisioning
• Testing and validating that everything works as intended
• Achieving true zero-touch operations "within the last few months."

"We've finally been able to realize that it really is zero touch," Josh said.

Next on the horizon: building additional workflows, exploring new automation opportunities, and continuing to focus on end-user experience improvements.