Okta enhances security, extends on-prem options for identity management

Okta says it's trying to bring modern authentication and identity management practices to companies stuck with legacy systems.
Written by Stephanie Condon, Senior Writer

Okta on Tuesday announced it's enhancing its security features for identity management, adding new functionality for its cloud-based Adaptive Multi-Factor Authentication (AMFA) and making basic two-factor authentication standard for every Okta user.

At its Oktane conference in Las Vegas this week, the company is highlighting the breadth of applications and infrastructure now protected with AMFA. Okta AMFA uses context to ensure that users can only access the data and application permissions they need, when they need them. The feature was initially targeted at cloud applications and extended through integrations with networking and VPN vendors. Now, Okta is extending its on-premise reach to cover LDAP, as well as RDP, other SSO products, ADFS, custom web apps and RADIUS.

Okta is effectively extending its footprint with specific, on-premise components to either plug into a customer's server or infrastructure environment. While Okta is supporting some older technology like RADIUS, "the magic is it's very elegantly connected back to our cloud service," Okta Chief Product Officer Eric Berg explained to ZDNet.

"It's a very minimal on-prem footprint for the customer, but they get to integrate it into some of their legacy systems that only speak those older protocols," he added. "That's part of our general philosophy -- how do we bring people forward as much as possible where they've got existing systems that won't go away overnight, and yet they want to bring a modern MFA experience into their environment."

Many customers, due to the high number of breaches involving stolen or weak credentials, are interested in extending MFA to all of their users but run into roadblocks, Berg said.

"With traditional on-prem providers, there tends to be a cost issue, it's difficult to scale globally to support all your users, and often those solutions don't fully protect some of the newer cloud infrastructure and applications," he explained.

Along with more exhaustive application coverage, Okta is updating its AMFA offering, making it more intelligent and context-driven. Okta monitors access behaviors -- such as the time and place that company information is accessed, the device used, or the network zone -- to determine whether a potential bad actor is using compromised credentials. With this information, organizations using Okta AMFA can detect anomalies and make more intelligent access decisions. Organizations with AMFA can also now determine whether an authentication event is coming from a trusted or untrusted device, ensuring that only "trusted devices" get access to business-critical applications.

In addition to enhancing AMFA, Okta is introducing a series of new capabilities for all Okta customers. Along with making two-factor authentication standard, Okta is rolling out a compromised password detection feature. This will prevent Okta users from using commonly used passwords or passwords that were exposed as part of publicly known data breaches. Okta is also giving all admins powerful IP blacklisting capabilities so they can block nefarious activity they may see as a DDoS attack.

Meanwhile, Okta on Tuesday is rolling out another series of improvements to the Okta Identity Cloud, making it easier for IT admins to manage both on-premise and cloud-based applications, as well as a wider range of devices and people.

The updates include an LDAP interface for Okta Universal Directory, eliminating the need for on-premise directories for small and mid-sized organizations.

Additionally, Okta is expanding the Okta Application Network dramatically beyond its traditional focus on applications, and subsequently, is changing its name to the Okta Integration Network. It now offers solutions around workflow management, business analytics, security automation and hybrid IT. Okta is working with technology partners including Palo Alto Networks, F5, IBM QRadar and Sumo Logic.

"As people want to try to use our single sign-on capability for a broader set of legacy apps, it's encouraged us to want to go broader and deeper in how we think about integrations that make sense with Okta to deliver on a new set of use cases," Berg said.

Okta is also extending its Lifecycle Management service with self-service registration and lifecycle policies that enable IT to automate access for external users -- such as customers, contractors or partners -- from registration to audit.
