Okta Workforce Identity Cloud innovations strengthen enterprise security and productivity
Okta introduced new innovations for Okta Workforce Identity Cloud, strengthening its single control plane for managing identity across all enterprise resources and users.
New innovations include anti-phishing factors across user types and resources, and unified access management, governance, and privileged capabilities through a user-friendly solution end users and IT professionals love.
Enterprise workforces today are made up of employees, contractors, and business partners leveraging technologies across on-premise, cloud, and hybrid environments to meet their goals. In a complex and rapidly changing technology ecosystem, identity remains critical connective tissue between the ecosystem of people and the technologies they need to do their best work.
Phishing in particular continues to be one of the most pressing problems, with more than 60% of social engineering-driven data breaches attributed to credential abuse, according to Verizon’s 2022 Data Breach Investigations Report. As the enterprise becomes more heterogeneous, enterprises need a unified identity approach to protect employees, third-parties, and critical infrastructure from rising identity-based threats.
“Okta makes it easy to both protect enterprises and deliver an amazing experience for every user connecting from any device or location,” said Sagnik Nandy, President and Chief Development Officer, Workforce Identity at Okta. “This requires an identity foundation that not only enables interoperability across today’s broad ecosystem of technology, but offers the simplicity and comprehensiveness to keep workforces agile and IT productive, regardless of the tech stack or use case. Workforce Identity Cloud unifies the identity market’s previously siloed legacy solutions into a cohesive and holistic offering that makes identity a growth driver for enterprises.”
“Kyndryl designs, builds, manages, and modernizes the mission-critical technology systems the world depends on every day,” said Cory Musselman, Chief Information Security Officer at Kyndryl. “To power this work, we need our teams moving fast and our systems secure. Okta’s unified identity solution is a big part of how we make access and governance simple and secure across our IT estate and global employees. Being able to get our arms around all our people and resources keeps Kyndryl’s business accelerating forward.”
Anti-phishing authentication and threat response for all who interact with your enterprise
Numerous high-profile cybersecurity breaches have shown that today’s enterprise is under attack, and its people are the primary target, including contractors, partners, and vendors. Okta is introducing new, easy-to-use security features for Workforce Identity Cloud, offering protection against credential-focused phishing for any user across any device at scale. Workforce Identity Cloud’s independence and neutrality enables customers to extend anti-phishing to the entire ecosystem of workforce users, who are accessing an enterprise’s resources through heterogeneous endpoints and operating systems.
Enterprises can combat phishing and third-party vulnerabilities with new security features such as:
- Advanced phishing-resistant access capabilities for FastPass: Provides phishing resistance for all managed devices, and phishing resistance for unmanaged devices across MacOS, Windows, and Android operating systems.
- WebAuthn allow list: Helps enterprises to lock down WebAuthn enrollment to only hardware keys issued by a specific organization to prevent phishing attempts.
- Passkey management: Prevents users from enrolling with a multi-device FIDO credential such as passkeys, pre-empting any potential risks of unmanaged and unsecured devices accessing sensitive applications.
- New enhanced security checks for unmanaged devices: Gives security teams deeper insight into the devices attempting to access their applications and data, enabling their organizations’ zero trust security initiatives across their entire workforce and supply chain.
The latest anti-phishing features are further supported by new security use cases for Okta’s no-code automation tool, Workflows. Enterprises can leverage Workflows to orchestrate security responses and enable additional security actions as a precaution after a security event, such as a blocked phishing attempt. Workflows is specifically designed to automate identity actions, with new use cases offering users a simpler way to solve identity and security-based automation challenges, and mitigate the risks of third-party organizations, users, and devices.
Workflows users can create new security automation responses with the following features:
- Security templates: Empowers teams to take proactive measures such as identifying changes in user behavior that create a risk to the organization, continuously monitoring and improving the organization’s security posture, or fully automating security policy enforcement at the identity layer.
- Connector builder: Simplifies the building of new connectors without code using Workflows’ no-code designer. Technology vendors can use Connector Builder to create connectors for their customers, and admins can also easily connect custom tools.
“Recorded Future empowers enterprises with the right intelligence at the right time to keep people and infrastructure safe from threats,” said Craig Adams, Chief Product & Engineering Officer at Recorded Future. “Identity-based attacks are on the rise and Multi-factor Authentication (MFA) is not enough. Recorded Future’s Identity Intelligence connector for Okta Workflows goes beyond MFA to provide customers with automated visibility into compromised identities, including those that can bypass MFA, before exposed credentials are weaponized against them.”
Comprehensive governance controls to manage user access for only when they need it
Okta Identity Governance simplifies the process of requesting and granting access to resources by meeting end users where they are. Okta Identity Governance is built on Okta’s cloud-native technology and integrated across Workforce Identity Cloud to improve an organization’s security and compliance posture, while still being easy to use for IT teams and end users. New event-based certifications take advantage of Okta’s unified approach to identity governance and access management, enabling sharing of signals across the platform for contextualized governance capabilities across an organization’s broad workforce, ultimately keeping businesses secure and compliant.
Integrated privileged access to keep every resource secure without slowing innovation
Okta Privileged Access builds off the infrastructure access capabilities of Okta Advanced Server Access by adding the hardened security and compliance layer required for privileged admin access. Okta Privileged Access will enable customers to secure highly-privileged credentials for admin and root accounts using Okta’s vaulting service that automatically rotates passwords and provides individual accountability for access to shared accounts.
Okta customers can also use Okta Privileged Access to manage privileged access requests and approvals for infrastructure managed by Okta, as well as generate privileged entitlement reports to satisfy audit and compliance requirements. Okta Privileged Access gives admins the necessary tools to bolster security for privileged resources, monitor and record privileged access, and run detailed compliance reports for auditors.
Key new capabilities of Okta Privileged Access include:
- Credential vaulting: Provides credential vaulting and rotation for Local User Accounts and human-managed shared secrets, and will provide just-in-time (JIT) access request and approval workflows for human, machine, and application users alike, eliminating the need for unnecessary standing permissions.
- Privileged governance and compliance: Generates privileged access reports and added session management capabilities, creating an audit trail to detect and prevent unwanted behavior, and to aid in proving compliance.
- Modern infrastructure access management: Offers passwordless access management using ephemeral certificate-based authorization for modern infrastructure including Kubernetes, Linux, and Windows servers.
Consolidating identity management into a single control plane
Workforce Identity Cloud unifies Okta Identity Governance and Okta Privileged Access with Okta’s core Identity and Access Management (IAM) technology to deliver holistic visibility and control of all identities. Combining these components puts power and control in the hands of IT without compromising on security or user experience for the rest of the business. The unified solution delivers a newfound agility for workforces who no longer have to navigate multiple end-user experiences and improves IT efficiency by not requiring them to integrate siloed identity systems.
Okta’s unified identity platform approach enables enterprises to:
- Automate processes across IAM, Okta Identity Governance, and Okta Privileged Access: Integrates multiple identity solutions into a single platform with low time to value and without using code or APIs.
- End identity silos: Drives better security and compliance outcomes by eliminating identity silos to provide end-to-end governance and access management.
- Streamline management of enterprise identities: Enhances management of access and entitlements across every resource, and for any user with any level of privilege.
New Enhanced Security Checks for Unmanaged Devices is now generally available through Adaptive MFA. Workflows Security Templates are now generally available. Passkey Management is currently in Early Access and will be available through MFA and Adaptive MFA. Okta FastPass with enhanced phishing resistance factors will be generally available and WebAuthn Allow List will be in Early Access in Q1 of 2023 through MFA and Adaptive MFA.
Workflows Connector Builder will be generally available in Q1 of 2023. Okta Identity Governance is generally available in North America today and will be globally available in Q4 of 2022 as a standalone offering. Okta Privileged Access will be in Early Access in Q2 of 2023 and generally available in Q4 of 2023 as a standalone offering.
Any unreleased products, features, or functionality referenced in this release that are not currently available, may not be delivered on time or at all. Product roadmaps do not represent a commitment, obligation, or promise to deliver any product, feature, or functionality, and customers should not rely on them to make purchase decisions.