Okta Advances Business Application Authentication With New Services

With new and improved contextual awareness capabilities, paired with analytics, Okta is aiming to help enable the password-less future for authentication.

Okta ThreatInsight

Enterprise identity management vendor Okta announced a series of new products and updates on May 23 that aim to advance the state of access security.

Among the new and updated products announced is Sign In with Okta, a secure authentication system for app providers. Okta is also updating its Adaptive Single Sign-On (SSO) and Multi-Factor Authentication (MFA) offerings with new device context capabilities. Going a step further, Okta's platform now provides the capability for secure, password-less authentication as well.

"The ability to go password-less is based on contextual access management signals including device context, location context, network context and now also ThreatInsight to responsibly allow organizations to eliminate the password for their users," Joe Diamond, Okta's director of security product marketing management, told eWEEK.

ThreatInsight is a new Okta feature that is available in the company's SSO and enhanced MFA products. With ThreatInsight, Okta is bringing enhanced contextual awareness to its platform to enable more secure authentication approaches.

"ThreatInsight powers the access management policies that an admin can create across SSO and MFA products," Diamond said. "It is not a threat feed into the console, but rather an additional security check for suspicious authentication attempts."

ThreatInsight data can also be consumed in third-party tools such as Splunk, according to Diamond. Okta uses a variety of analytics techniques to power ThreatInsight, he noted.

"To derive signal from the noise of all authentications across the Okta Integration Network, we apply heuristics that are optimized over time and result in a signal of risk associated with that authentication event," Diamond said.

While Okta is trying to help enable a password-less model for authentication, it's introducing new technology to help further improve password-based security as well. The new PassProtect tool from Okta is a JavaScript-based tool that websites can use to help users check see whether their passwords have been compromised.

"PassProtect will check the user's email / password against the fabulous Have I Been Pwned? API service to see whether or not the user's email or password has been breached in the past," the PassProtect GitHub project page states.

PassProtect is open source and completely free, Diamond said.


Multiple standards efforts are underway to help improve authentication. Among them is the W3C WebAuthn effort for strong authentication that was announced in April. With WebAuthn, the FIDO (Fast Identity Online) Alliance strong authentication specifications are being standardized.

"We're excited for the adoption of the WebAuthn protocol to enable password-less experiences," Diamond said. "Okta currently supports these experiences in a few ways already, including our new password-less experience enabled by ThreatInsight, as well as our integration into Windows Hello."

Diamond added that Okta is committed to supporting open standards for authentication, and as the W3C finalizes the WebAuthn spec, Okta will incorporate the full WebAuthn implementation into its service. 

"This will allow customers to use WebAuthn-compliant platforms and authenticators for performing step-up and password-less authentication into the Okta service," he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.