Date: 2024-10-16

Okta announced new Workforce Identity Cloud capabilities to address top security challenges such as unmanaged SaaS service accounts, governance risks, and identity verification. As part of a unified approach, these innovations help protect business before, during and after authentication, providing greater control, visibility, and streamlined user experience.

Why it matters:

Identity in the enterprise is under attack, with 80% of breaches involving some kind of compromised credentials and 1.9 billion session cookies stolen from employees at Fortune 1000 companies last year alone.

Enterprises use an average of over 1,000 SaaS applications today, and privileged accounts for applications are a rapidly growing and under-managed risk for organizations.

Social engineering and deepfake attacks are becoming more sophisticated and widespread, with deepfake incidents in the financial services sector surging 700% over the past year.

In response to rising identity attacks, over 65% of companies have implemented MFA across their organization. While MFA adoption continues to trend upwards, only about 9% of companies have implemented phishing-resistant MFA such as Okta FastPass, which is 3x faster to use.

“Identity acts as the first line of defense for critical apps and the connective tissue between security signals, no matter the speed at which an organization moves or the complexity of their technology stack,” said Arnab Bose, CPO, Workforce Identity Cloud at Okta. “By continuously investing in the Okta Workforce Identity Cloud, we’re able to build a more reliable, scalable, and trusted platform that is empowering our customers to adopt a more unified approach to security.”

Better manage identities before the point of log in

To effectively safeguard against identity-based attacks, it’s become essential for organizations to stay proactive by discovering identity posture risks, remediating them, and implementing the principle of least privilege based on their needs.

Secure SaaS Service Accounts

Secure SaaS Service Accounts within Okta Privileged Access is a set of upcoming capabilities to protect non-federated SaaS accounts with vaulting, credential rotation, step-up MFA before secret reveal, and audit trail. With shared accounts easily falling out of the boundaries of traditional identity controls like federation and MFA, this feature provides organizations with centralized control to reduce risk and eliminate standing access.

Governance Analyzer with Okta AI

Governance Analyzer, an upcoming feature of Okta Identity Governance, will empower managers and approvers by providing the insights they need, such as usage data and previous governance decisions, to make informed authorization decisions quickly and confidently.

By utilizing real-time risk assessments and actionable recommendations, it can surface relevant information directly within Okta Identity Governance, enabling decision makers to make critical access decisions seamlessly within their existing workflows. As usage grows, Governance Analyzer will continue to learn and adapt, improving its ability to provide actionable insights and lower risk across the organization.

Protect against social engineering attacks with stronger user verification

Security incidents that involve employee onboarding and account/device recovery are typically a result of bad actors exploiting weak identity verification processes—like temporary passwords or help desk admins who can be socially engineered—that allow them to impersonate legitimate users. As increasing threats pose new security challenges, stronger user verification is needed.

Out-of-the-box integrations for identity verification in early access

Out-of-the-box Integrations for Identity Verification adds another layer for validating that an employee or partner is who they say they are by leveraging third-party providers, including Persona and, coming soon, Incode, Onfido, Clear, and others, without custom configuration. By enforcing identity verification at any stage of the employee lifecycle, organizations can more effectively mitigate the risk of social engineering and deepfake attacks. The solution leverages multiple techniques, such as verification with government ID databases and liveness checks, to verify the identity of the individual with confidence.

Strengthen security while streamlining sign-on experiences

Organizations want their employees to have a simple yet secure experience when working on corporate devices. This means reducing the number of authentication prompts to minimize friction while maintaining the highest security standards.

What’s new and expected in Q1 2025 – Extended Device Single Sign-On

Extended Device Single Sign-On, part of Okta Device Access, will deliver a more secure and seamless SSO experience by initiating a hardware-protected session at device login. This cryptographically binds the user’s identity to their device, significantly reducing the risk of user context-based exploits and phishing attacks. With fewer authentication prompts, users can securely access downstream apps and get to work faster, without compromising on security standards.

Other new advances: