How SAP’s Taulia Stopped a Breach and Saved 1,800 Hours

Challenge

Taulia is a fintech company that provides working capital management solutions to Fortune 500 enterprises, including electronic invoicing, dynamic discounting, and AR financing. Headquartered in the US with about 600 employees and a smaller international presence, it was recently acquired by SAP.

As a company entrusted with sensitive financial data, Taulia knew identity security had to be airtight. But like many organizations, their credential-based authentication introduced risk and wasted employee time.

“Passwords are a big vulnerability. Even MFA can be compromised. Typing them at coffee shops or public places puts our employees at risk. It was just annoying and error-prone,” says Duke, the Sr. Director of Corporate IT.

Employees were authenticating 10+ times per day, struggling with long, frequently changing passwords, and experiencing delays in productivity. MFA fatigue caused by repeated push notifications was also a growing concern, since “eventually any user is going to just hit ‘yes’.”

For them, security was a high priority. Their goal was not only to eliminate phishing attacks and boost user productivity, but also secure their reputation. “We serve fortune 500 companies, and it's important that we secure our brand.” This became especially true when their company was acquired by the 120,000+ employee software company, SAP. 

Solution

Taulia’s IT team evaluated several alternatives, including Duo and HYPR, but found them complex, push-based, or lacking in device intelligence.

Beyond Identity offered:

• Passwordless, passkey-based MFA that eliminates phishing risk
  
  
• Device posture checks to ensure only secure devices are granted access
  
  
• Seamless IdP integration and easy user onboarding
  
  
• Reduced IT burden with no more password resets or phone prompts
  
  
• Unmatched customer support, even beyond deployment

“Beyond identity prevented phishing attacks and improved our user experience” says Duke. “Often when you implement security solutions, it adds more friction and more frustration. But with Beyond Identity it’s actually the opposite of that, it reduces friction while improving security. And that is a win-win for every organization.”

Their Security and IT team also appreciated the device posture signals that replaced exploitable MFA:

“Other solutions used push notifications and allowed users to authenticate without a passkey; we wanted to avoid that. We wanted to ensure that we have device posture on all devices that are logging in.”

Result

No security incidents

In a major attempted attack targeting ~200 of their user accounts, Beyond Identity blocked every unauthorized login while allowing trusted users on secure devices to continue working without disruption.

“We looked through the logs and identified that the attacker hit a brick wall when they hit Beyond Identity’s MFA. In the end, they were not able to authenticate,” the Sr. IT Director mentions. 

Phishing, brute force, shoulder surfing and more are no longer a concern for the organization. This alone validated the team's zero-phishing, zero-password approach.

75+ days of productivity gained monthly

Without typing passwords or constant MFA resets, Beyond Identity saves time for both users and IT admins. Taulia even did the math to understand the ROI: 

“We estimate that each employee saves about 10 minutes in typing passwords or having password issues a day. That’s three hours in a month. With ~600 headcount, that’s 1,800 hours or 75 days per month that the company saves without passwords.”

Duke, the Sr. Director of IT, also noted that “if we’re constantly chasing security incidents, we’re not spending time being productive.” By eliminating identity-based attacks, IT and security teams can reclaim their time. 

Access blocked from untrusted devices

Taulia now enforces access controls by checking device posture before login. If a device is jailbroken, rooted, or non-compliant, access is denied instantly. This even works on unmanaged devices, logging in from places like cafes or from home, which was important for this distributed, global team.

Proof for acquirers

Taulia’s use of Beyond Identity played a pivotal role in their acquisition by the large, public software corporation SAP. With security a top priority for both companies, their investment in phishing-resistant, passwordless authentication stood out as a differentiator during due diligence.

The big picture

For Taulia, security doesn’t slow things down, it accelerates productivity. Their motto, “security enhances productivity,” is embodied by their use of Beyond Identity.

“Since deploying Beyond Identity and my tenure here, we’ve had zero security incidents relating to user account compromise. Plus, it’s improved productivity. This is the kind of a tool that you would want to use. Beyond Identity was a game-changer for us," Duke, the Sr. Director of Corporate IT said.