Organizations can roll out single sign-on for cloud and on-premise applications while adding multi-factor authentication to verify user identity with Okta's cloud platform.
Okta unveiled its platform
that offers single sign-on service integrated with multi-factor authentication
to secure cloud-based as well as on-premise applications.
increasingly relying on cloud applications for their business, but relying on
just passwords to secure the data is no longer enough for enterprise security,
Todd McKinnon, CEO and co-founder of Okta, told eWEEK.
Various studies have shown
password reuse across multiple applications and services remains rampant
despite recent high-profile breaches. In fact, Sony reported last week a mass
log-in attempt in which attackers used a list of passwords obtained from a
third-party source and managed to compromise user accounts on the PlayStation
Network and Sony Online Entertainment services.
to be stronger," McKinnon said, adding that Okta provides IT
administrators with a single platform that can manage cloud access
Okta has a catalog of over
1,000 major Web and cloud applications used by enterprises, including
Salesforce.com, Google Apps, Success Factors, ADP for payroll and WebEx.
Popular Websites such as LinkedIn, Facebook, PayPal and Twitter are also
included. Customers just check off the applications to which they want to apply
single sign-on access and Okta will manage the log-in interface for all of
them. Okta can support on-premise applications that run behind the firewall as
well as cloud services, McKinnon said.
Users can easily access all the
applications from a single interface, and administrators can enforce security
policies across all services, according to McKinnon. User accounts can also be
imported and managed from a wide number of applications, including
Salesforce.com and Google Apps.
Okta integrated multi-factor
authentication with the core platform so that it can be applied to all
supported Web and cloud applications even if the specific service doesn't offer
multi-factor capabilities, McKinnon said. Multi-factor options on the platform
include security questions and an Okta-developed soft token that runs on the
user's smartphone, according to McKinnon. Administrators can even decide to
enable multi-factor for only some of the organization's applications instead of
all of them, he said.
have to rely solely on a password to authenticate users," McKinnon said as
they can easily implement additional layers to "make sure people are who
they say they are."
If the user misplaces the
smartphone, there is a phone reset option, which allows the user to call a
certain number and verify identity over the phone before gaining access to an
application. If the user gets a new device, it's just a matter of downloading
the token application from the appropriate application store and setting up the
tokens again. The Okta platform adds user verification to the log-in process as
well as simplifying deployment, McKinnon said.
In the "old"
on-premise software environment, applications were accessible only if the users
were on the corporate network or logged in on a VPN, Eric Berg, vice president
of products and marketing, wrote on the Okta blog. It was easy to protect the
applications, as they were accessible only if the person was able to bypass
building security or use hardware tokens or other multi-factor authentication
mechanisms, according to Berg.
"Until now, there
hasn't been an equivalent set of options for the cloud," Berg said, as
each cloud vendor had its own log-in credentials, and organizations would need
to deploy a separate token or certificate for each service. "Not very
practical," he said.
Customers need a secure and
cost-effective form of authentication without having to deploy hardware tokens,
Okta said. The new platform also integrates with Secure Sockets Layer VPN
products from Juniper and Cisco so that administrators can apply multi-factor
authentication policies defined within Okta to the corporate VPN, as well.