Okta Identity Management and Automation

Okta for identity management

With the transition to the cloud, companies are currently addressing the requirements for secure remote access of their employees, partners and customers to company data.

However, not all companies want to move all their data to the cloud. Especially with manufacturing companies, we see that many of their systems still remain in on-premises solutions. The result is usually a hybrid model, where part of the systems is located on the customer’s premises (on-premises) and part is moved to the cloud. It is always necessary to ensure that both parts work smoothly and communicate with each other.

What is more important, nowadays not only employees and partners but also customers need to work with corporate systems and data. For companies in the new economy, whose products are services typically provided over the Internet, safe identification of their customers is the alpha and omega of business success.

It is very important to ensure not only safe access, but also comfortable and straightforward access.

The above data storage models and access strategies can be divided into two use cases, which are supported by Okta technology:

  1. Identity and authentication of employees
  2. Customer identity and authentication

Thus, Okta technology not only offers a solution that covers the needs of verification of the company’s core and external employees, but also provides verification of corporate customers, business partners or other companies cooperating remotely in a simple way.

What is important, and what Okta places great emphasis on, is that the method of logging in is uniform across all company systems, always the same, and that the user always has the same authentication data in all systems. The aim is to avoid a situation where the user has different access data for different systems, i.e. different login data and different passwords. Such a situation is risky from the point of view of data security.

User and device life cycle

A typical (and bad) procedure in companies when a new employee arrives is to set up separate access to each system for them. Some systems are often forgotten and access is added gradually as needs emerge, which creates unwanted chaos.

An even worse situation occurs when an employee leaves the company. Very often, forgotten accounts remain, which should have been canceled and are not, and this has implications not only for the security of the entire solution, but also for the number of required licenses.

The ideal model for managing the user and device life cycle is to create all user accounts in one place, and these are then automatically linked to the individual systems using Okta technology.

Okta features and tools

  • Single Sign-On. The goal is for the user to have a single username and password (if a password is used at all; ideally an authentication token or other form of authentication) and for the same security policies to be applied across all corporate systems.
  • Universal Directory. It is a directory service that serves as a single central point trusted by all systems that users log in to with Okta. The entire user lifecycle can then be managed from this directory service. However, this does not mean that the existing authentication service needs to be replaced immediately. A reasonable option is to gradually connect existing directory services of the Active Directory type and later replace them or combine them with other authentication systems.
  • Okta offers several multifactor authentication options. It has its own Okta Verify application, a verification application that works both on mobile devices (iOS and Android) and, for example, on the respective smart watches. If users already use an authenticator, Okta allows you to integrate third-party authenticators such as Google Authenticator, RSA SecurID, Symantec, etc. If the authenticator is not available at the moment, it is possible to use SMS or e-mail authentication. Okta Verify supports push notifications (known, for example, from access to Internet banking): a request appears, for example on the mobile phone from which the user logs in, to confirm “yes, it’s me, I want to log in” or “no, it’s a mistake”. It is also possible to work off-line, where Okta offers a unique identifier (a six-digit number that is copied into the application). Absolutely unique to Okta is the ability to assess risk by location and other indicators; when the situation is assessed as safe, users log in without being asked for other factors.
  • Okta Life Cycle Management. At the moment a user is created in the central system, ideally in the Okta Universal Directory, accounts can be created and services assigned automatically in third-party systems, including license assignment, according to defined rules (e.g. membership in groups or various attributes). For the smooth operation of Okta, it has developed its own protocol (SCIM), which allows the creation of user accounts and the creation of actions across many software products and systems. Okta supports all major systems in use worldwide and has its own interface, which can be easily implemented in the corporate system.
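The forgotten-account problem described under "User and device life cycle", and the automated deprovisioning it calls for, can be checked with a reconciliation like the following. This is an added example, not Okta's code: the directory and application exports are constructed sample data, the function names are hypothetical, and the request body follows the SCIM 2.0 PATCH format from RFC 7644.

```python
import json
from urllib.parse import quote

# Constructed sample data: central directory (source of truth) and
# account exports from two downstream applications.
DIRECTORY = {
    "alice@example.com": {"active": True},
    "bob@example.com": {"active": False},  # has left the company
}
APP_ACCOUNTS = {
    "crm": [
        {"id": "c-1", "userName": "alice@example.com", "active": True},
        {"id": "c-2", "userName": "Bob@Example.com", "active": True},
    ],
    "wiki": [
        {"id": "w-1", "userName": "alice@example.com", "active": True},
        {"id": "w-7", "userName": "carol@example.com", "active": True},
        {"id": "w-9", "userName": "bob@example.com", "active": False},
    ],
}

def find_orphans(directory, app_accounts):
    """Return active app accounts whose owner is missing or inactive centrally."""
    orphans = []
    for app, accounts in sorted(app_accounts.items()):
        for acct in accounts:
            if not acct.get("active", True):
                continue  # already disabled downstream
            # Normalise case and whitespace so "Bob@Example.com" still matches.
            owner = directory.get(acct["userName"].strip().lower())
            if owner is None:
                reason = "not in directory"
            elif not owner["active"]:
                reason = "deactivated in directory"
            else:
                continue
            orphans.append({"app": app, "id": acct["id"],
                            "userName": acct["userName"], "reason": reason})
    return orphans

def scim_deactivate(account_id):
    """Build a SCIM 2.0 PATCH (method, path, body) setting active=false."""
    body = {
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
        "Operations": [{"op": "replace", "path": "active", "value": False}],
    }
    return "PATCH", "/Users/" + quote(account_id, safe=""), json.dumps(body)

if __name__ == "__main__":
    for o in find_orphans(DIRECTORY, APP_ACCOUNTS):
        print(o["app"], o["userName"], o["reason"], scim_deactivate(o["id"])[:2])
```

Accounts reported as "not in directory" were created outside the central process and need an owner decision before they are disabled.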

Conclusion

Okta is a complex and comprehensive technology for identity management offering many scenarios, and an undoubted business and technological leader in this innovative area of the IT world.

If you need any further information, contact us. We are here for you.
