Okta – Secure Platform for Identity Management and Automation

Date of issue

23. 4. 2021


With the move to the cloud, companies are now addressing the requirements for secure remote access to corporate data for their employees, partners and customers.

Especially with manufacturing companies, we see that a lot of their systems still remain in on-premise solutions. The result is usually a hybrid model, where part of the systems are located on the customer’s premises (on-premise) and part is moved to the cloud. It is always important to ensure that both parts work and communicate seamlessly with each other.

Moreover, it is nowadays obvious that not only employees and partners, but also customers need to collaborate with company systems and data. For new economy companies whose product is intangible services typically delivered over the Internet, secure identification of their customers is the alpha and omega of business success. And it is very important to ensure not only safe access, but also convenient and straightforward access.

The above data storage models and data access can be divided into two parts, which are supported by Okta technology. These are:

  1. Employee identity and authentication
  2. Customer identity and authentication

Thus, Okta technology not only offers a solution that covers the authentication needs of both internal and external company employees, but also provides a simple way to authenticate company customers, business partners or other remotely cooperating companies.

What is important and what Okta places great emphasis on is that the login method is always the same across all company systems and that the user always has the same authentication credentials to all systems. The aim is to avoid a situation where the user has different access data to different systems – i.e. different login data, different passwords. Such a situation is risky from the point of view of data security.

User and device lifecycle

A typical (and bad) practice in companies when a new employee arrives is to set up separate access to each system for them. Some of these are often forgotten, and as needs emerge, further access is added piecemeal, which results in unwanted chaos.

The situation is even worse when an employee leaves the company. Accounts that should have been deleted are often left behind, and this has implications not only for the security of the entire solution, but also for the number of licenses needed.

The ideal model for managing the user and device lifecycle is to set up all user accounts in one place, which are then automatically linked to individual systems using Okta technology.

Okta Technology Tools

  • Single Sign On. The goal is that the user has one username or password (if used – ideally an authentication token or other form of authentication) and that the same security policies are always applied across all company systems.
  • Universal directory, a directory service that serves as a single central point that all systems that users log into using Okta technology will trust. The entire user lifecycle can then be managed from this directory service. However, this does not mean that the existing authentication service should be replaced immediately. A reasonable option is to gradually connect existing Active Directory services. There are many ways to combine these verification systems.
  • Okta offers several multi-factor authentication options. It has its own Okta Verify app, an authentication app that works on both mobile devices (iOS and Android) and smart watches. If users are already using an authenticator, Okta also allows you to integrate third-party authenticators, such as Google Authenticator, RSA SecurID, Symantec, etc. If the authenticator is not available at the moment, SMS or email authentication can also be used. Okta Verify supports push notifications (known e.g. from internet banking access): a confirmation request automatically pops up, e.g. on the mobile phone from which the user logs in, offering “yes, it’s me, I want to log in” or “no, this is a mistake”. There is also the option to work offline, where Okta offers a unique identifier (a six-digit number that is copied into the login app). Completely unique to Okta is the ability to assess risk based on location and other indicators; when the situation is assessed as secure, Okta will log the user in without asking for other factors.
  • Okta Lifecycle Management – once the user exists in a central system, ideally in Okta Universal Directory, accounts can be created and services assigned automatically in third-party systems, including license assignment, according to defined rules (e.g. membership in groups or variously set attributes). For seamless operation, Okta has developed a custom protocol (SCIM) that allows for the creation of user accounts and actions across many software products and systems. Okta supports all major systems used worldwide and has its own interface that can be easily implemented in a corporate system.

Summary

Okta is a large and complex identity management technology offering many scenarios, and an undisputed business and technology leader in this innovative area in the IT world.

David Peřina, Managing Director System4u a.s.
