Okta expands into privileged access management and identity governance reporting

Okta today announced it was expanding its platform into a couple of new areas. Up to this point, the company has been known for its identity and access management product, giving companies the ability to sign onto multiple cloud products with a single sign-on. Today, the company is moving into two new areas: privileged access and identity governance.

Privileged access gives companies the ability to provide access on an as-needed basis to a limited number of people to key administrative services inside a company. This could be your database or your servers or any part of your technology stack that is highly sensitive and where you want to tightly control who can access these systems.

Okta CEO Todd McKinnon says that Okta has always been good at locking down the general user population access to cloud services like Salesforce, Office 365 and Gmail. What these cloud services have in common is you access them via a web interface.

Administrators access these specialty accounts using different protocols. “It’s something like secure shell, or you’re using a terminal on your computer to connect to a server in the cloud, or it’s a database connection where you’re actually logging in with a SQL connection, or you’re connecting to a container which is the Kubernetes protocol to actually manage the container,” McKinnon explained.

Privileged access offers a couple of key features including the ability to limit access to a given time window and to record a video of the session so there is an audit trail of exactly what happened while someone was accessing the system. McKinnon says that these features provide additional layers of protection for these sensitive accounts.

He says that it will be fairly trivial to carve out these accounts because Okta already has divided users into groups and can give these special privileges to only those people in the administrative access group. The challenge was figuring out how to get access to these other kinds of protocols.
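The time-boxed grant and audit-trail behaviour described above can be sketched as a small access broker. This is an added example, not Okta's code and not a description of how Okta implements the feature: the group name, resource identifiers, the 240-minute cap and the in-memory audit log are all constructed for the illustration.

```python
"""Time-boxed privileged access grants with an audit trail (illustrative only)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_GRANT_MINUTES = 240  # constructed cap so a grant can never become standing access


@dataclass(frozen=True)
class Grant:
    user: str
    resource: str      # constructed names such as "ssh:prod-db-01" or "k8s:prod"
    start: datetime
    end: datetime
    reason: str


@dataclass
class AccessBroker:
    admin_group: set                       # users allowed to request privileged grants
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def request_grant(self, user: str, resource: str, minutes: int,
                      reason: str, now: datetime) -> Optional[Grant]:
        """Issue a time-boxed grant, or None if the user is outside the admin group."""
        if user not in self.admin_group:
            self._record("grant_denied", user, resource, now, detail="not in admin group")
            return None
        minutes = max(1, min(minutes, MAX_GRANT_MINUTES))
        grant = Grant(user, resource, now, now + timedelta(minutes=minutes), reason)
        self.grants.append(grant)
        self._record("grant_issued", user, resource, now,
                     detail=f"until {grant.end.isoformat()} ({reason})")
        return grant

    def authorize(self, user: str, resource: str, now: datetime) -> bool:
        """Decide whether a session (SSH, SQL, kubectl, ...) may start at this moment."""
        for g in self.grants:
            if g.user == user and g.resource == resource and g.start <= now < g.end:
                self._record("session_allowed", user, resource, now)
                return True
        self._record("session_denied", user, resource, now, detail="no active grant")
        return False

    def trail(self, resource: str) -> list:
        """Audit events for one resource, oldest first: the record of what happened."""
        return [e for e in self.audit if e["resource"] == resource]

    def _record(self, event: str, user: str, resource: str, when: datetime, detail: str = ""):
        self.audit.append({"event": event, "user": user, "resource": resource,
                           "at": when.isoformat(), "detail": detail})


def demo() -> dict:
    """Constructed scenario: one admin, one non-admin, a 60-minute grant on a database host."""
    t0 = datetime(2021, 4, 7, 12, 0, tzinfo=timezone.utc)
    broker = AccessBroker(admin_group={"alice"})
    bob_grant = broker.request_grant("bob", "ssh:prod-db-01", 60, "curious", t0)
    broker.request_grant("alice", "ssh:prod-db-01", 60, "ticket INC-0001 (constructed)", t0)
    return {
        "bob_grant": bob_grant,
        "in_window": broker.authorize("alice", "ssh:prod-db-01", t0 + timedelta(minutes=30)),
        "after_window": broker.authorize("alice", "ssh:prod-db-01", t0 + timedelta(minutes=61)),
        "events": [e["event"] for e in broker.trail("ssh:prod-db-01")],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of the `trail` method is the same one McKinnon makes about session recording: every grant, allow and deny decision lands in one ordered record per resource, so an auditor can reconstruct who held access to what, when, and why.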

The governance piece provides a way for security operations teams to run detailed reports and look for issues related to identity. “Governance provides exception reporting so you can give that to your auditors, and more importantly you can give that to your security team to make sure that you figure out what’s going on and why there is this deviation from your stated policy,” he said.

All of this when combined with the $6.5 billion acquisition of Auth0 last month is part of a larger plan by the company to be what McKinnon calls the identity cloud. He sees a market with several strategic clouds and he believes identity is going to be one of them.

“Because identity is so strategic for everything, it’s unlocking your customer, access, it’s unlocking your employee access, it’s keeping everything secure. And so this expansion, whether it’s customer identity with zero trust or whether it’s doing more on the workforce identity with not just access, but privileged access and identity governance. It’s about identity evolving in this primary cloud,” he said.

While both of these new products were announced today at the company’s virtual Oktane customer conference, they won’t be generally available until the first quarter of next year.


By Ron Miller

Okta adds new no-code workflows that use identity to trigger sales and marketing tasks

It seems that no-code is the tech watchword of the year. It refers to the ability to create something that normally would require a developer to code, and replace it with dragging and dropping components instead, putting the task in reach of much less technical business users. Today Okta announced new no-code workflows that provide a way to use identity as a trigger to launch a customer-centric workflow.

Okta co-founder and CEO Todd McKinnon says that the company has created a series of connectors to make it easier to connect identity to a workflow that includes sales and marketing tooling. This comes on the heels of the identity lifecycle workflows the company introduced at the Oktane customer conference in April.

“For this release we are introducing customer identity workflows which are focused on the connectors for all the customer-specific systems, things like Salesforce and Marketo and all the customer-centric [applications] that you’d want to do with your customer identities. And you can imagine over time that we’re going to expose this to more and more areas that will cover every kind of scenario a company would want to use,” McKinnon told TechCrunch.

McKinnon says that last year the company introduced Platform Services, which pulled apart the various pieces of the platform and exposed them as individual services that bigger customers could tap into as needed. He says that this is an extension of that idea, but instead of having to get engineering talent to write complex code to tie the Okta service into, say, Salesforce, you can simply drag the Salesforce connector into your workflow.

McKinnon describes this using early adopter MLB as an example: say someone downloads the MLB app, creates a login and signs in. At that point, if MLB marketing personnel wanted to connect to any applications outside of Okta, it would normally require some programming help to make it happen.

But with the new workflow tools, a marketing person can set up a workflow that checks the login for fraud, then sends the person’s information automatically into Salesforce to create a customer record, and also triggers a welcome email in Marketo, with all of this triggered automatically by the customer sign-up.

Okta workflows showing what happens when a person downloads an app and creates an identity.

Image Credits: Okta

This functionality was made possible by the $52.5 million acquisition of Azuqua last year. As COO and co-founder Frederic Kerrest wrote in a blog post at the time of the acquisition (which we quoted in our article):

“With Okta and Azuqua, IT teams will be able to use pre-built connectors and logic to create streamlined identity processes and increase operational speed. And, product teams will be able to embed this technology in their own applications alongside Okta’s core authentication and user management technology to build…integrated customer experiences.”

And that’s precisely the kind of approach the company is delivering this week. For now, it’s available as an early adopter program, but as Okta works out the kinks, you can expect it to build on this and add other enterprise workflow connectors to the mix as it expands this vision, giving the company a way to move beyond pure identity management and connect to other parts of the organization.


By Ron Miller

Okta launches Lifecycle Management Workflows to make building identity-centric processes easy

Okta, the popular identity and access management service, today used its annual (and now virtual) user conference to launch Lifecycle Management Workflows, a new tool that helps IT teams build and manage IFTTT-like automated processes with the help of an easy-to-use graphical interface.

The new service is an extension of Okta’s existing automation tools. But the key here is that IT teams and developers can now easily build complex identity-centric workflows across a wide range of applications. With this, these teams can easily automate an onboarding process where setting up a new Okta account also immediately kicks off processes on third-party services like Box, Salesforce, ServiceNow and Slack to set up accounts there. The same goes for offboarding workflows and username creation. A lot of companies still do this manually, which is not just a hassle but also error-prone.

“Adopting more technology is incredibly beneficial for enterprises today, but complexity is a significant side effect of a changing technology ecosystem and workforce. There is no better example of the potential challenges it can create than with lifecycle management,” said Diya Jolly, Chief Product Officer at Okta. “Okta’s vision of enabling any organization to use any technology goes deeper than just access; it’s about improving how organizations use technology. Okta Lifecycle Management Workflows improves the efficiency and security of enterprises through its simple user experience and broad applicability, keeping organizations secure, and efficient without requiring the complexity of writing code.”

Okta, of course, had lifecycle management features before, but now it is also putting its acquisition of Azuqua to work and using that company’s graphical interface and technology for making it easier to create these automation processes. And while the focus right now is on processes like provisioning and de-provisioning accounts, the long-term plan is to expand Workflows with support for more identity processes.

As Okta also stresses, administrators can manage very granular access across the supported third-party tools, such as assigning territories in Salesforce or access to specific group channels in Slack. For temporary employees, admins can also set up automatic de-provisioning workflows that revoke access to some tools but leave access to payroll services open for a while longer. There are also built-in tools for automatically managing conflicts when two people have the same name.
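The two lifecycle behaviours in the paragraph above, staggered de-provisioning (most tools cut immediately, payroll kept open for a grace period) and username conflict handling, as an added example. This is not Okta's code and does not describe its workflow engine; the application names, the 30-day payroll grace period and the `first.last` naming rule are constructed for the illustration.

```python
"""Offboarding plan with per-application grace periods, plus username conflict handling."""
from datetime import datetime, timedelta, timezone

# Constructed policy: days of continued access after the termination date.
# Everything not listed is revoked immediately; payroll stays reachable for final pay documents.
OFFBOARDING_POLICY = {
    "slack": 0,
    "salesforce": 0,
    "box": 0,
    "servicenow": 0,
    "payroll": 30,
}


def plan_offboarding(user: str, apps, terminated_at: datetime,
                     policy: dict = OFFBOARDING_POLICY) -> list:
    """Return one de-provisioning step per app with the time it becomes effective."""
    plan = []
    for app in sorted(apps):
        grace_days = policy.get(app, 0)          # unknown apps default to immediate revocation
        plan.append({
            "user": user,
            "app": app,
            "action": "deprovision",
            "effective_at": terminated_at + timedelta(days=grace_days),
        })
    return plan


def due_actions(plan: list, now: datetime) -> list:
    """Steps whose effective time has arrived; a scheduler would run these and mark them done."""
    return [(step["app"], step["action"]) for step in plan if step["effective_at"] <= now]


def unique_username(first: str, last: str, taken) -> str:
    """Derive first.last and add a numeric suffix when that name is already in use."""
    base = f"{first}.{last}".lower()
    candidate = base
    n = 1
    while candidate in taken:
        n += 1
        candidate = f"{base}{n}"
    return candidate


def demo() -> dict:
    """Constructed scenario: a contractor leaves on 1 April; two Jane Does already exist."""
    t_term = datetime(2021, 4, 1, 9, 0, tzinfo=timezone.utc)
    plan = plan_offboarding("jane.doe", ["slack", "payroll", "box", "salesforce"], t_term)
    return {
        "day0": due_actions(plan, t_term),
        "day10": due_actions(plan, t_term + timedelta(days=10)),
        "day30": due_actions(plan, t_term + timedelta(days=30)),
        "username": unique_username("Jane", "Doe", {"jane.doe", "jane.doe2"}),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Separating the plan from its execution is what makes the grace period safe to operate: the payroll step exists from day zero, so it cannot be forgotten, but it only becomes due when its date arrives.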

“Millions of people rely on Slack every day to make their working lives simpler, more pleasant, and more productive,” said Tamar Yehoshua, Chief Product Officer at Slack, one of the early adopters of this service. “Okta Lifecycle Management Workflows has significantly increased efficiency for us by automating the provisioning and de-provisioning of users from applications in our environment, without us ever having to write a line of code.”

This new feature is part of Okta’s new Platform Services, which the company also debuted today and which currently consists of core technologies like the Okta Identity Engine, Directories Integrations, Insights, Workflow and Devices. The core idea behind Platform Services is to give Okta users the flexibility to manage their unique identity use cases but also to give Okta itself a platform to innovate on. One other new product that sits on top of the platform is Okta Fastpass, for example, which allows for passwordless authentication on any device.


By Frederic Lardinois

Okta wants to make every user a security ally

End users tend to get a bad rap in the security business because they are often the weakest security link. They fall for phishing schemes, use weak passwords and often unknowingly are the conduit for malicious actors getting into your company’s systems. Okta wants to change that by giving end users information about suspicious activity involving their login, while letting them share information with the company’s security apparatus when it makes sense.

Okta actually developed a couple of new products under the SecurityInsights umbrella. The end user product is called UserInsights. The other new product, called HealthInsights, is designed for administrators and makes suggestions on how to improve the overall identity posture of a company.

UserInsights lets users know when there is suspicious activity associated with their accounts, such as a login from an unrecognized device. If it appears to involve a stolen password, the user can click the Report button to report the incident to the company’s security apparatus, where it triggers an automated workflow to start an investigation. The person should also, obviously, change the compromised password.

HealthInsights operates in a similar fashion except for administrators at the system level. It checks the configuration parameters and makes sure the administrator has set up Okta according to industry best practices. When there is a gap between the company’s settings and a best practice, the system alerts the administrator and allows them to fix the problem. This could involve implementing a stricter password policy, creating a block list for known rogue IP addresses or forcing users to use a second factor for certain sensitive operations.

HealthInsights report showing completed tasks. Image: Okta
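A configuration posture check of the kind the HealthInsights paragraph describes (compare tenant settings against a best-practice baseline, report each gap with a remediation hint) as an added example. This is not Okta's code and the baseline is not Okta's list of best practices: the setting names, the threshold values and the remediation text are all constructed for the illustration.

```python
"""Identity configuration posture check against a constructed best-practice baseline."""

# Constructed baseline: setting -> (comparison rule, expected value).
BASELINE = {
    "password_min_length":       ("min", 12),
    "password_max_age_days":     ("max", 90),
    "mfa_required_for_admins":   ("eq", True),
    "ip_blocklist_enabled":      ("eq", True),
    "admin_session_lifetime_h":  ("max", 12),
    "step_up_mfa_for_sensitive": ("eq", True),
}

# Constructed remediation hints surfaced with each finding.
REMEDIATION = {
    "password_min_length":       "raise the minimum password length",
    "password_max_age_days":     "shorten the maximum password age",
    "mfa_required_for_admins":   "require a second factor for administrators",
    "ip_blocklist_enabled":      "enable the block list for known-bad IP ranges",
    "admin_session_lifetime_h":  "shorten the administrator session lifetime",
    "step_up_mfa_for_sensitive": "require step-up MFA for sensitive operations",
}

COMPARE = {
    "min": lambda actual, expected: actual >= expected,
    "max": lambda actual, expected: actual <= expected,
    "eq":  lambda actual, expected: actual == expected,
}


def check_posture(settings: dict, baseline: dict = BASELINE) -> list:
    """Return one finding per baseline item the tenant fails or has not configured."""
    findings = []
    for key, (rule, expected) in baseline.items():
        if key not in settings:
            findings.append({"setting": key, "status": "missing",
                             "expected": expected, "fix": REMEDIATION[key]})
            continue
        actual = settings[key]
        if not COMPARE[rule](actual, expected):
            findings.append({"setting": key, "status": "gap", "actual": actual,
                             "expected": expected, "fix": REMEDIATION[key]})
    return findings


def score(settings: dict, baseline: dict = BASELINE) -> int:
    """Percentage of baseline checks the tenant currently satisfies."""
    total = len(baseline)
    return round(100 * (total - len(check_posture(settings, baseline))) / total)


# Constructed tenant settings, deliberately out of line on several checks.
SAMPLE_SETTINGS = {
    "password_min_length": 8,
    "password_max_age_days": 90,
    "mfa_required_for_admins": True,
    "ip_blocklist_enabled": False,
    "admin_session_lifetime_h": 24,
    # "step_up_mfa_for_sensitive" is not configured at all
}

if __name__ == "__main__":
    for finding in check_posture(SAMPLE_SETTINGS):
        print(finding["setting"], finding["status"], "->", finding["fix"])
    print("posture score:", score(SAMPLE_SETTINGS))
```

Treating an unconfigured setting as a finding in its own right (rather than silently passing it) matters in practice: a missing step-up MFA policy is a gap even though no value compares as "wrong".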

Okta is first and foremost an identity company. Organizations, large and small, can tap into Okta to have a single-sign-on interface where you can access all of your cloud applications in one place. “If you’re a CIO and you have a bunch of SaaS applications, you have a [bunch of] identity systems to deal with. With Okta, you narrow it down to one system,” CEO Todd McKinnon told TechCrunch.

That means, if your system does get spoofed, you can detect anomalous behavior much more easily because you’re dealing with one logon instead of many. The company developed these new products to take advantage of that, and provide these groups of employees with the information they need to help protect the company’s systems.

The SecurityInsights tools are available starting today.


By Ron Miller

Ping Identity acquires stealthy API security startup Elastic Beam

At the Identiverse conference in Boston today, Ping Identity announced that it has acquired Elastic Beam, a pre-Series A startup that uses artificial intelligence to monitor APIs and help understand when they have been compromised.

Ping also announced a new product, PingIntelligence for APIs, based on the Elastic Beam technology. They did not disclose the sale price.

The product itself is a pretty nifty piece of technology. It automatically detects all the API IP addresses and URLs running inside a customer’s environment. It then uses artificial intelligence to search for anomalous behavior and reports back when it finds it (or it can automatically shut down access, depending on how it’s configured).
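The two steps described above, discovering the API endpoints in use and then flagging callers whose behaviour departs from the norm, as an added example using a plain statistical baseline rather than any machine-learning model. This is not Elastic Beam's or Ping's code and makes no claim about how PingIntelligence works; the log format, IP addresses, endpoint paths, the 3-sigma rule and the floor of 10 requests are all constructed for the illustration.

```python
"""Discover API endpoints from access logs and flag anomalous callers (illustrative only)."""
import re
import statistics
from collections import Counter, defaultdict

# Constructed access-log lines: "<client_ip> <method> <path> <status>".
# Baseline window: three ordinary clients, a handful of calls each.
BASELINE_LOG = (
    [f"10.0.0.5 GET /api/v1/users/{i} 200" for i in range(1, 5)]
    + [f"10.0.0.6 GET /api/v1/users/{i} 200" for i in range(1, 6)]
    + [f"10.0.0.7 GET /api/v1/users/{i} 200" for i in range(1, 7)]
    + ["10.0.0.5 POST /api/v1/orders 201"] * 2
    + ["10.0.0.7 POST /api/v1/orders 201"] * 3
)
# Later window: one client sweeps sequential user ids, another calls an endpoint never seen before.
WINDOW_LOG = (
    [f"10.0.0.9 GET /api/v1/users/{i} 200" for i in range(1, 41)]
    + [f"10.0.0.5 GET /api/v1/users/{i} 200" for i in range(1, 4)]
    + ["10.0.0.7 POST /api/v1/orders 201"] * 2
    + ["10.0.0.7 GET /api/v1/admin/export 403"]
)


def parse(line: str):
    ip, method, path, status = line.split()
    return ip, method, path, int(status)


def template(path: str) -> str:
    """Collapse numeric path segments so /users/42 and /users/43 count as one endpoint."""
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)


def inventory(lines) -> set:
    """Discovered endpoints: the set of (method, templated path) seen in the baseline window."""
    return {(method, template(path)) for _, method, path, _ in map(parse, lines)}


def per_client_counts(lines) -> dict:
    """endpoint -> Counter(client_ip -> number of requests)."""
    counts = defaultdict(Counter)
    for ip, method, path, _ in map(parse, lines):
        counts[(method, template(path))][ip] += 1
    return counts


def thresholds(baseline_lines, k: float = 3.0, floor: int = 10) -> dict:
    """Per-endpoint request-count limit: mean + k * stdev of baseline clients, never below floor."""
    limits = {}
    for endpoint, per_client in per_client_counts(baseline_lines).items():
        values = list(per_client.values())
        mean = statistics.mean(values)
        spread = statistics.pstdev(values) if len(values) > 1 else 0.0
        limits[endpoint] = max(floor, mean + k * spread)
    return limits


def detect(baseline_lines, window_lines) -> list:
    """Alerts as (client_ip, endpoint, reason), sorted for stable output."""
    known = inventory(baseline_lines)
    limits = thresholds(baseline_lines)
    alerts = []
    for endpoint, per_client in per_client_counts(window_lines).items():
        for ip, n in per_client.items():
            if endpoint not in known:
                alerts.append((ip, endpoint, "unknown_endpoint"))
            elif n > limits[endpoint]:
                alerts.append((ip, endpoint, "volume"))
    return sorted(alerts)


if __name__ == "__main__":
    print("discovered:", sorted(inventory(BASELINE_LOG)))
    for alert in detect(BASELINE_LOG, WINDOW_LOG):
        print("ALERT", *alert)
```

Whether an alert blocks the caller or only reports it is a policy decision layered on top of `detect`, which is the same configurable choice the article attributes to the product; keeping detection and enforcement separate lets a team run in report-only mode until the baseline is trusted.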

“APIs are defined either in the API gateway because that facilitates creation or implemented on an application server like node.js. We created a platform that could bring a level of protection to both,” company founder Bernard Harguindeguy told TechCrunch.

It may seem like an odd match for Ping, which, after all, is an enterprise identity company, but there are reasonable connections here. Perhaps the biggest is that CEO Andre Durand wants to see his company making increasing use of AI and machine learning for identity security in general. It’s also worth noting that his company has had an API security product in its portfolio for over five years, so it’s not a huge stretch to buy Elastic Beam.

With this purchase, Ping has not only acquired some advanced technology, it has also acqui-hired a team of AI and machine learning experts that could help inject the entire Ping product line with AI and machine learning smarts. “Nobody should be surprised who has been watching that Ping will drive machine learning AI and general intelligence into our identity platform,” Durand said.

Harguindeguy certainly sees the potential here. “I think we can over time bring a high level of monitoring and intelligence to Ping to understand whether an identity may have been used by someone else or being misused somehow,” he said.

Elastic Beam interface. Photo: Elastic Beam website

Harguindeguy will join Ping Identity as Senior Vice President of Intelligence along with his entire team. Neither company would divulge the exact number of employees, but Durand did acknowledge it fell somewhere between the 11 and 50 mentioned in the company’s Crunchbase profile. The original team consisted of around 10 according to Harguindeguy, and they have been hiring for some time, so it’s fair to say more than 11 but fewer than 50.

Harguindeguy says they were pursued by more than one company (although he wouldn’t say who those other companies were), but he felt that Ping provided a good cultural match for his company and could take them where they wanted to go faster than they could on their own, even with Series A money.

“We realized this is going to be really big. How do we go after the market really strongly really fast? We saw that we could fuse this really fast with Ping and have strong go-to-market with them,” he said.

Durand acknowledged that Ping, which was itself acquired by Vista Equity Partners for $600 million two years ago, couldn’t have made such an acquisition without the backing of a larger firm like this. “There was no chance we could have done either UnboundID (which the company acquired in August 2016) or Elastic Beam on our own. This was purely an artifact of being part of the Vista family portfolio,” he said.

PingIntelligence for APIs, the product based on Elastic Beam’s technology, is currently in private preview. It should be generally available sometime later this year.


By Ron Miller