Discovering the basic features of Okta
Okta has a lot of different products, and organizations can pick and choose as they see fit. The most commonly used are the following:
- Universal Directory (UD)
- SSO
- Adaptive Multifactor Authentication (AMFA)
- Lifecycle Management (LCM)
It’s not always obvious in the administrator portal where one product starts and another one ends. This will be clarified in this book. The products will all be explained with practical examples in the coming chapters, but here is an initial overview.
Universal Directory
UD can be considered the foundation of any Okta setup. UD is the directory of your users, groups, and devices. Users can be sourced by Okta, other directories, an HR system, or even any source that contains user data. For organizations with multiple directories, such as AD, LDAP, G Suite, and an HR system, Okta can offer a complete 360-degree view of the users and their attributes consolidated into one system. Users can be sorted into groups created in Okta and imported from a directory or an application. With Okta’s attribute sourcing feature, the attributes of any user can be sourced by different sources.
Single sign-on
SSO lets us connect applications and lets our users access them through Okta. End users will only have to log in to Okta once and can thereafter access any application they have assigned to them. This is done with integrations based on SAML, WS-Federation, or OpenID Connect or with a simple Secure Web Authentication (SWA), where Okta stores credentials and passes them along to the application in a secure way. In the OIN, more than 7,000 integrations are available, and more are added every day. If the required application isn’t available in the OIN, customers can create their own integrations. This will be described in depth in Chapter 3, Using Single Sign-On for a Great End User Experience.
Multifactor authentication and adaptive multifactor authentication
Included in Okta’s SSO product are basic MFA features. You can easily set up policies to let your users utilize different kinds of authenticators after entering their password. Using the basic IP settings, you can set up network zones that protect your users and block bad actors from the outside.
Many third-party MFA solutions can be integrated with Okta, allowing you to leverage existing and perhaps currently deployed solutions into your Okta MFA policies.
If the basic features of MFA aren’t enough for you, Okta’s Adaptive MFA (AMFA) product brings even more advanced options. With AMFA, you can set and use the context in your MFA policies. The context can be location awareness, device fingerprinting and posture, or impossible velocity. Okta’s device trust options allow you to integrate with your third-party MDM systems to generate even more context around your users and devices.
Lifecycle management
So far, the Okta products we’ve looked at have focused a lot on end user experience and security. LCM is all about automation, easing up the friction between HR and IT. With LCM, organizations are better set up for audits. For instance, with your Okta instance set up—with groups, rules, integrations, and system logs—and access given, it’s easy to show when a user had access to what. With the group rules feature, automation takes over access given, removing the risk of manual errors. This will streamline work for the HR and IT departments, allowing them to do the work by creating the user only once in the organization’s systems. The creation, management, and deletion of users and accounts has never been this easy. Automatic account creation also minimizes mistakes caused by human error. A predetermined setup allows the organization to invest time upfront to create and set up the provisioning, and after that, it will automatically run based on the user’s identity and profile.
With Okta’s LCM functionality, you can also automate access control in certain applications. This allows you, with minimal interaction, to manage users with the correct role, license, entitlement, and group access.
