Feb 4, 2025
•
Case Study
Grammarly selected Opal to transform its access management, boosting security while improving productivity.
Den Potapenko
Engineering Manager
1-5k
Employees
Private
Stage
Grammarly
Grammarly, the trusted AI assistant for work, helps over 40 million people and 50,000 organizations communicate effectively and increase their productivity across a range of platforms. Companies like Atlassian, Databricks, and Zoom rely on Grammarly to brainstorm, compose, and enhance communication that moves work forward.
As a rapidly growing cloud-based company with a large, distributed workforce, security is a top priority for Grammarly. To manage access to critical resources, Grammarly needed a solution that would meet evolving security standards and maintain a frictionless user experience without impacting employee productivity.
The Challenge
As Grammarly began to scale, the team started to manage resource access with an in-house, custom-built tool. Initially, this entitlement-based solution worked well, enabling users to request access based on attributes like title or location. However, as Grammarly continued to grow, the tool’s limitations became abundantly clear. It lacked scalability for an increasing number of services and users, couldn’t fully integrate with emerging technologies, and didn’t support modern security best practices such as Just-in-Time (JIT) access and Zero Trust Principles.
In addition, the tool often required substantial manual intervention from the IT team and lacked a self-service option for users—leading to delays and operational burdens.
Grammarly knew it was time for an upgrade. The company needed a solution that could meet and exceed up-to-date security requirements (such as the enforcement of least-privilege access and managing scalable JIT workflows), be quick and easy to adapt to new use cases, and scale alongside the company.
“We’ve always had a security-first mindset, and access management was a key part of that,” said Den Potapenko, Engineering Manager at Grammarly. “We wanted to build a secure environment, but we didn’t want that to mean sacrificing employee productivity. We did some market research to see whether there was a tool or a vendor that could be a partner to help us address both our current needs—and everything we might need for the future.”
Grammarly Access Control Requirements At a Glance:
Scalable, off-the-shelf access management solution
Consistent, seamless end user experience
Strong integration capabilities, including APIs and workflows
Streamlined user access reviews (UARs) and improved compliance
The Solution
“We made the decision to go with Opal, and we are extremely happy with that decision. We have everything we need—and more.”
-Den Potapenko, Engineering Manager at Grammarly
Grammarly evaluated several potential vendors and conducted multiple proof-of-concept trials when it decided to make the switch. After careful consideration, the company selected Opal due to its scalability, including seamless integration with a variety of SaaS applications and Jira for internal workflows; its self-service access management option; and most importantly, its ability to support Grammarly’s security objectives, including JIT access provisioning and Zero Trust principles. Den Potapenko also noted that Opal’s “knowledge and ability to bring best practices from other customers into our solution was a huge advantage.”
With Opal, Grammarly upholds its commitment to security best practices without sacrificing productivity or ease of use. By leveraging Opal’s API, Grammarly has automated identity and access management (IAM) processes, provided bundles of entitlements for quick end user access, rapidly rolled out JIT policies in bulk across its entire environment, and implemented a least privileged setup while still leveraging birthright policies. Ultimately, this allows Grammarly to retroactively identify, prioritize, and remediate longstanding access—in addition to real-time least privilege enforcement capabilities. Furthermore, Opal has empowered Grammarly to federate leadership to product and workstream owners and enable temporary project teams to manage their own access—and then end that access once a project is complete.
Going forward, Grammarly plans to transition from entitlement-based access to birthright access with Opal, which will further minimize unnecessary permissions and strengthen its security framework. While Grammarly has already completely eliminated standing access for AWS and other production environments, the team will continue refining its approach to JIT provisioning going forward, aiming to reduce standing access even further.
The Impact
By working with Opal, Grammarly significantly boosted its security posture via the implementation of best practices like JIT policies and Zero Trust principles. Additionally, Grammarly has rapidly achieved a more scalable and user-friendly access management system, with the move to a self-service model drastically reducing the involvement of IT teams in access management requests. By minimizing manual approval processes, Grammarly reduced the time it takes to provision access from twelve hours to mere minutes. Users can request access via Slack or directly in the Opal interface, and if there are no approvals needed, “they can get access in thirty seconds,” commented Den Potapenko.
Working with Opal has also empowered Grammarly to boost productivity. By integrating Opal with Jira, users can request access without disrupting their existing workflows. Furthermore, Grammarly has integrated over 200 SaaS applications into Opal, streamlining the process of managing access across its tech stack. According to Den Potapenko, onboarding new services is much faster since Grammarly now has all the integrations it needs. Grammarly has also begun to leverage Opal’s dashboard to manage user access reviews (UARs), aiming to eliminate any remaining standing access and make the process far more efficient.
From the first steps of implementation to now, Grammarly has been impressed with Opal’s level of support and responsiveness. “Sometimes I feel that I meet more with Opal than with any other vendor,” Potapenko said. “They’ve been empathetic to understand what we need, when we need it, and help to address it.”
Ultimately, by selecting a solution that could scale with them, Grammarly has experienced significant improvements in both security and operational efficiency and is well-positioned to continue its rapid growth.