Okta unveiled its platform
that offers a single sign-on service integrated with multi-factor authentication
to secure cloud-based as well as on-premise applications.
Organizations are
increasingly relying on cloud applications for their business, but relying on
just passwords to secure the data is no longer enough for enterprise security,
Todd McKinnon, CEO and co-founder of Okta, told eWEEK.
Various studies have shown
that password reuse across multiple applications and services remains rampant
despite recent high-profile breaches. In fact, Sony last week reported a mass
log-in attempt in which attackers used a list of passwords obtained from a
third-party source and managed to compromise user accounts on the PlayStation
Network and Sony Online Entertainment services.
"Authentication needs
to be stronger," McKinnon said, adding that Okta provides IT
administrators with a single platform that can manage cloud access
consistently.
Okta has a catalog of over
1,000 major Web and cloud applications used by enterprises, including
Salesforce.com, Google Apps, Success Factors, ADP for payroll and WebEx.
Popular Websites such as LinkedIn, Facebook, PayPal and Twitter are also
included. Customers just check off the applications to which they want to apply
single sign-on access and Okta will manage the log-in interface for all of
them. Okta can support on-premise applications that run behind the firewall as
well as cloud services, McKinnon said.
Users can easily access all the
applications from a single interface, and administrators can enforce security
policies across all services, according to McKinnon. User accounts can also be
imported and managed from a wide range of applications, including
Salesforce.com and Google Apps.
Okta integrated multi-factor
authentication with the core platform so that it can be applied to all
supported Web and cloud applications even if the specific service doesn't offer
multi-factor capabilities, McKinnon said. Multi-factor options on the platform
include security questions and an Okta-developed soft token that runs on the
user's smartphone, according to McKinnon. Administrators can even decide to
enable multi-factor for only some of the organization's applications instead of
all of them, he said.
Organizations "don’t
have to rely solely on a password to authenticate users," McKinnon said, as
they can easily implement additional layers to "make sure people are who
they say they are."
If the user misplaces the
smartphone, there is a phone reset option, which allows the user to call a
certain number and verify identity over the phone before gaining access to an
application. If the user gets a new device, it's just a matter of downloading
the token application from the appropriate application store and setting up the
tokens again. The Okta platform adds user verification to the log-in process as
well as simplifying deployment, McKinnon said.
In the "old"
on-premise software environment, applications were accessible only if the users
were on the corporate network or logged in on a VPN, Eric Berg, vice president
of products and marketing, wrote on the Okta blog. It was easy to protect the
applications, as they were accessible only if the person was able to bypass
building security or use hardware tokens or other multi-factor authentication
mechanisms, according to Berg.
"Until now, there
hasn't been an equivalent set of options for the cloud," Berg said, as
each cloud vendor had its own log-in credentials, and organizations would need
to deploy a separate token or certificate for each service. "Not very
practical," he said.
Customers need a secure and
cost-effective form of authentication without having to deploy hardware tokens,
Okta said. The new platform also integrates with Secure Sockets Layer VPN
products from Juniper and Cisco so that administrators can apply multi-factor
authentication policies defined within Okta to the corporate VPN, as well.