Okta aims for a passwordless future, adding more use cases

Get a free Techzine subscription!

During Oktane Live, Okta unveiled the future plans for its identity platform. Initially, a significant event in San Francisco was supposed to create extra buzz for these announcements. After all, there are quite a few changes and extras planned that could use some in-person explanation. However, due to the coronavirus outbreak, a digital edition of the user event was created, which allowed several announcements to continue regardless. The event made it clear that Okta is moving forward: almost every user can expect extra functionalities in the near future. The key message is passwordless, and more use cases.

Okta has been active in the IT market for more than ten years. During that time, it was able to grow into a relevant supplier of a Identity and access management as a Service (IDaaS) platform. This provides companies a solution for managing the identity of many IT solutions. For employees, this is useful because they get a single portal for accessing the applications that are relevant to them. With the expected growth of applications used by employees, this seems increasingly important. A central identity hub is also desirable for IT admins. They can use it for setting up access policies and controlling access to systems during off- and onboarding of employees.

Before Okta launched this IDaaS approach, there were similar solutions on the market. However, these were often from large IT vendors and at the time were almost primarily focused on their own solutions. For example, an identity platform that existed alongside an ERP package and BI solution from a single supplier. Nowadays, these solutions work together with numerous products that are not from the same supplier. However, Okta continues to innovate to distinguish itself with more than just integrations.

Tip: Okta holds the key to future identity management

True passwordless is about to begin

One of the ways the company wants to achieve this, is by enabling ‘true passwordless’. The company can make this promise because of the rigorous steps of computers and smartphones in recent years. Three years ago, phones with facial recognition were introduced, and now PCs have this feature as well. At the time, there was already talk of password-free login, but the reality is that we enter login details several times a day to use applications. Okta is now extending password-free login a bit further, bringing it to business applications as well.

The passwordless feature is called FastPass and works with Windows, macOS, Android and iOS (Linux integration is not included at launch). If you go through the authentication process on your Windows 10 device, for example, you could use the Windows Hello facial recognition technology. A successful login on Hello is linked to the Okta platform with FastPass, which means you are automatically authenticated for Okta. The platform then has enough reliable identity information about you and knows that you are who you say you are. This eliminates the need to enter login details for business applications, so you no longer have to log in to your VMware or AWS account with a username and password.

To get this to work, an Okta agent must be running on the endpoint. This small application collects the biometric information that is retrieved at many endpoints by default. It also collects some basic data, which is useful for the system administrator, like which operating system the endpoint runs. Ultimately, this is a lightweight application that has almost no performance impact and feeds the data back to the Okta platform.

This paswordless feature can tackle a variety of problems companies often face. It is common for employees to forget passwords, resulting in not having direct access to certain systems and information.

Support for more specific scenarios

FastPass works mainly because of an agent, but is only operational when the so-called Platform Services are used. These services have been highlighted in the portfolio, as there are some new services planned in addition to the existing ones. A total of six services are part of these Platform Services.

The Okta Platform Services offer the following features:

  • Identity Engine: performs a series of steps for customised authentication, authorisation and registration flows.
  • Directories: complements Okta Universal Directory and User Management, which should increase the flexibility and scalability of the products.
  • Integrations: a service for building integrations with other products via the Okta platform, for example, for a custom app. Okta offers templates, frameworks and tooling for this purpose. The built integrations can also be published on the Okta Integration Network.
  • Insights: with these services, Okta data can be analyzed. The components ThreatInsight, HealthInsight and UserInsight from the basis of this functionality. They are designed to improve security capabilities by blocking malicious IP addresses, providing personalized recommendations for security policies and settings, and informing end users of suspicious activities.
  • Workflows: automates complex identity processes, primarily a drag-and-drop (no-code/low-code) interface.
  • Devices: Gathers device identity and context for features such as FastPass, Limited Access, Device Visibility and Remote Sign-out.

Ultimately, the aggressive positioning of the Platform Services shakes up the architecture of the platform. Users will be able to build their own features, enabling custom-build functionalities for specific use cases. For example, workflows can be customised with If This Then That-scenarios. This could be useful for onboarding of a new sales employee, so the process of getting access to the right applications and parts of applications runs smoothly.

Addressing a broad target group

It looks like Okta is going to make some hefty updates in the next months. We have to see how everything will work when the new features are live, but nonetheless everything sounds promising. If the passwordless idea turns out exactly as promised, then pretty much every end-user will benefit from it. FastPass uses the services Directories, Identity Engine and Devices of which the latter two will only release at the end of 2020. Thus, the passwordless FastPass-feature will likely see a final release at the end of the year. The passwordless feature is currently available as an early access product.

On the other hand, the so-called Okta Platform Services provides extra functionalities for IT professionals and business users. This seems to give the impression that the identity platform wants to appeal to a broader set of use cases in the near future.