Okta hosted Oktane22 this week in San Francisco. The event, which Okta has dubbed “The identity event of the year,” featured insightful keynotes and a number of major announcements from the company. With celebrity keynotes from Serena Williams and Earvin “Magic” Johnson, and Fitz and the Tantrums performing for the closing party, Okta combined pop culture and entertainment with a ton of information about the future of identity and the importance of an Identity First approach to security.
Cybersecurity remains a key challenge for organizations of all sizes and across all industries—and identity plays a crucial role. Digital transformation and the shift to remote work during the Covid pandemic have dramatically expanded the attack surface, and threat actors continue to evolve the threat landscape. The line between nation-state adversaries and traditional cybercrime has blurred, and we’ve seen a spike in ransomware and phishing attacks. Organizations are adopting zero trust principles and putting identity security at the center of their defenses.
In his keynote on Wednesday, Okta CEO and co-founder Todd McKinnon shared, “As more things get done online, and there’s more information the security risks and opportunities become bigger than ever. And we’re all trying to take advantage of all this technology to build stronger relationships with our customers and move our businesses forward. These trends have been enduring, and they will endure for many years into the future, but we’re in a different time now.”
Okta News from Oktane22
There was a lot of great information shared at Oktane22, including a number of significant announcements from Okta.
Okta revealed that it is joining forces with Digital Ocean, Netlify, and Vercel to simplify identity implementation for app developers. Okta has always had a relationship with developers and has strived to build a powerful partner ecosystem, but the acquisition of Auth0 accelerated Okta’s journey with developers and suddenly brought nearly 3 million unique developers into the Okta community.
The partnerships announced by Okta and the expansion of the developer community is essential for ensuring strong identity security can be easily woven into the apps companies rely on. “Creating compelling experiences is hard enough without having to be an identity expert, too. And the stakes are too high to get it wrong,” said Shiven Ramji, Chief Product Officer, Customer Identity at Okta.
Okta understands that developers don’t want to paint themselves into a corner with the technologies they choose. They want freedom and the power to choose the best solution for the scenario or experience they are building for. Okta believes developers should have the ability to control and customize identity—both now and in the future—and it expressed commitment to neutrality and ensuring that developers are not restricted to a specific technology stack.
Developers want the freedom and power to choose the best solutions for their digital ecosystem. Okta’s commitment to neutrality means not being restricted to a specific technology stack and having the ability to control and customize identity now, and in the future.
Okta Customer Identity Cloud
Apps make the world go ’round, and identity is essential for secure access to apps and data. An average company deploys nearly 90 apps with larger companies approaching 200, and new app downloads have reached the staggering milestone of 230 billion. Okta’s goal is to ensure users can safely access all of those apps with Okta Customer Identity Cloud.
Eugenio Pace, President of Customer Identity at Okta explained, “Conventional wisdom tells us that you can make an application super secure, but very inconvenient to use. Or you can make it super convenient, but at the cost of security or privacy. This is a false choice. Okta’s Customer Identity Cloud, powered by Auth0, makes it possible to improve the overall experience and keep customers secure at the same time, all while enabling app builders to focus on what is most important–innovating for their customers.”
Okta Customer Identity Cloud comes in two distinct flavors to address differentiated use cases: Okta Customer Identity Cloud for Consumer Apps and Okta Customer Identity Cloud for SaaS Apps.
Okta Customer Identity Cloud for Consumer Apps streamlines registration and login across devices, stacks, and platforms to deliver a better experience for users and greater visibility for the organization. It includes social login and progressive profiling, as well as advanced security features like Adaptive Multi-Factor Authentication (MFA).
An Okta press release shared new additional capabilities slated to roll out in 2023:
- Passkeys support: Passkeys are a replacement for passwords that make it faster and easier for users to sign into apps and websites on any device. App builders can turn on passkeys using a toggle in our dashboard, without touching their code.
- Highly Regulated Identity: Highly Regulated Identity is a new toolset that allows customers to safeguard riskier transactions with extra security and policy control.
- Security Center: Security Center leverages Okta’s vast threat insights from billions of authentications to create a single pane of glass for security teams to monitor in real-time, detect, and respond to any suspicious activity.
Okta Customer Identity Cloud for SaaS Apps, on the other hand, is designed with enterprise customers in mind. It provides features such as Enterprise Federation, directory synchronization, delegated administration, provisioning, custom security policies, and more to help organizations onboard new users and manage authentication.
In the press release for Okta Customer Identity Cloud, Okta highlighted two key features that are available in the platform now:
- Okta Workforce Enterprise Connection: Okta Workforce Enterprise Connection makes it easy for SaaS app builders to offer out-of-the-box integrations to Okta Workforce Identity Cloud, providing end-users with a seamless and trustworthy login experience. This enterprise connection is included on all Enterprise and B2B self-service plans for no additional charge, and now easier to discover and configure for SaaS Apps use cases.
- Organizations: Organizations enables SaaS companies to manage and model identity for business customers as organizations, and configure custom, organization-based branding and policies. New support for up to two million organizations per tenant, two million members per organization, and improved search capabilities are available now.
Unified Identity Platform
Identity is at the heart of securing the tech ecosystem, which is why it is also under siege from threat actors. The 2022 Data Breach Investigation Report from Verizon notes concerning trends with phishing—with more than 60% of social-engineering-based attacks attributed to credential abuse. Okta designed Workforce Identity Cloud to provide a neutral, independent, unified identity approach to protect employees, third-parties, and critical infrastructure ecosystems from the dramatic rise in identity-based threats.
Sagnik Nandy, President and Chief Development Officer, Workforce Identity at Okta emphasized that Okta is focused on protecting enterprises and providing a great user experience at the same time. “This requires an identity foundation that not only enables interoperability across today’s broad ecosystem of technology, but offers the simplicity and comprehensiveness to keep workforces agile and IT productive, regardless of the tech stack or use case. Workforce Identity Cloud unifies the identity market’s previously siloed legacy solutions into a cohesive and holistic offering that makes identity a growth driver for enterprises.”
At Oktane22, Okta highlighted new features of Workforce Identity Cloud designed to combat phishing and guard against third-party vulnerabilities. Okta’s press release for Workforce Identity Cloud describes the capabilities:
- Advanced Phishing-Resistant Access Capabilities for FastPass: Provides phishing resistance for all managed devices, and phishing resistance for unmanaged devices across MacOS, Windows, and Android operating systems.
- WebAuthn Allow List: Helps enterprises to lock down WebAuthn enrollment to only hardware keys issued by a specific organization to prevent phishing attempts.
- Passkey Management: Prevents users from enrolling with a multi-device FIDO credential such as passkeys, pre-empting any potential risks of unmanaged and unsecured devices accessing sensitive applications.
- New Enhanced Security Checks for Unmanaged Devices: Gives security teams deeper insight into the devices attempting to access their applications and data, enabling their organizations’ zero trust security initiatives across their entire workforce and supply chain.
The Future of Identity
Okta understands the importance of corporate responsibility and giving back to the community—dedicating significant resources into Okta For Good initiatives. At Oktane22, Okta execs demonstrated that they are also aware of the significance of what they do and the importance of their mission for customers and consumers. Identity will continue to play a central—if not crucial role—in our digital lives for the foreseeable future, and Okta is dedicated to both enabling and securing access to apps and data through identity security.