The free One App solution is part of Okta’s long-term plan to be the de facto identity layer in any software. Okta ThreatInsight, available later this year, will replace passwords by using contextual information about users, devices and networks to assess threats.
Today, at their Oktane 18 customer event in Las Vegas, identity provider Okta is making two significant announcements. First, they have announced a free version of their product, One App, which as its name indicates, provides the ability to use Okta’s technology in a single app for free, with the caveat that the branding of Powered by Okta must be included. Secondly, Okta is announcing ThreatInsight, new functionality that will let organizations use Okta’s contextual access management to eliminate the login password as a primary factor of authentication.
By offering the free version of their technology, Okta is driving their strategy of being the identity layer in any piece of software. That’s their long-term vision, which was first promulgated last August when they launched an expanded API offering. Okta One App is an offering in the Okta API Products line that removes the developer complexity in delivering customer identity, speeds up time to market, and provides an easy experience for end users.
“Okta One App is an additional path for organizations and developers to tap into the benefits of Okta,” said Joe Diamond, Okta’s director of security product marketing. “It lets them start, for free, with a single application. There’s no limitation of features. It’s the same multi-factor authentication feature set as in the paid products. But it is limited to a single application, and the developer must put ‘Powered by Okta’ within the application.”
To help developers use the One App offering, Okta provides out-of-the-box customizable UX components, a full set of SDKs, and a comprehensive REST API that provides granular control over identity workflows and UX.
“This is something that we believe will run the entire gamut of use cases,” Diamond said. “Even the largest of the large would use this, as well as emerging companies.”
The other important Okta announcement heralds the promise of organizations being able to eliminate login passwords as a primary factor of authentication, replacing them with the Okta contextual access management features in the new ThreatInsight functionality. ThreatInsight combines signals such as device, location and network context with threat intelligence from across Okta’s ecosystem. It will be available in both Okta’s new Adaptive Single Sign-On and enhanced Adaptive Multi-Factor Authentication products.
“Okta is making great strides in making investments to eliminate passwords for end users, which is something that the industry has been trying to get rid of forever,” Diamond said. “We now have enough information wrapped around authentication requests which we can use to eliminate them.”
Diamond said that this starts with a new feature, Okta ThreatInsight: threat intelligence curated by Okta’s incident response team through their ecosystem of more than 4,350 customers and 5,500 partners in the Okta Integration Network.
“Okta ThreatInsight gives customers the contextual access management data they need to derive conclusions about whether a request is safe or malicious,” Diamond indicated. “An organization can determine if a request is coming from a malicious IP address, and they can assess with behavioral capabilities usage trends that determine if the request is coming from a device associated with a specific user, a known network, or places from which the user typically works. Deviations from this will allow them to force a prompt or deny access altogether.”
For example, if a user attempts to authenticate from a recognized IP address, on a known device and on the company’s corporate network, the user would be considered low risk, and would not need a password in order to log in. Instead, the user would be prompted for an alternate factor, such as Okta Verify Push. If a user attempts to authenticate from an unmanaged (though known) device but in a new location, the user would be considered moderate risk and be prompted both for a security question and a second factor, such as Okta Verify. However, if a user attempts to authenticate from an unmanaged and unknown device and from a connection with a high threat level, the user would be considered high risk and Okta would not allow access at all.
“With this, we are comfortable not requiring a password,” Diamond said. “This is what we view as responsible elimination of passwords, using information about the behavioral capabilities now available to us instead.”
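The three risk tiers described above can be written as an ordered policy check. This is an added example, not Okta's code or API: the signal names, the `evaluate` function and the factor labels are hypothetical, and the handling of signal combinations the article does not describe (step-up rather than passwordless access) is an assumption.

```python
from dataclasses import dataclass
from enum import Enum


class Risk(Enum):
    LOW = "low"
    MODERATE = "moderate"
    HIGH = "high"


@dataclass(frozen=True)
class AuthContext:
    # Hypothetical signal names, constructed for this example.
    ip_recognized: bool
    device_known: bool
    device_managed: bool
    on_corporate_network: bool
    new_location: bool
    high_threat_connection: bool


@dataclass(frozen=True)
class Decision:
    risk: Risk
    allow: bool
    factors: tuple  # factors to prompt for; empty when access is denied


def evaluate(ctx: AuthContext) -> Decision:
    # High risk in the article: unmanaged, unknown device on a high-threat
    # connection. Checked first so no positive signal can override a deny.
    if ctx.high_threat_connection and not ctx.device_known and not ctx.device_managed:
        return Decision(Risk.HIGH, False, ())
    # Low risk in the article: recognized IP, known device, corporate network.
    # Assumption: a new location or a high-threat connection disqualifies it.
    if (ctx.ip_recognized and ctx.device_known and ctx.on_corporate_network
            and not ctx.new_location and not ctx.high_threat_connection):
        return Decision(Risk.LOW, True, ("okta_verify_push",))
    # Moderate in the article: known but unmanaged device in a new location.
    # Assumption: every combination the article does not describe also lands
    # here, so a missing signal causes step-up, never passwordless access.
    return Decision(Risk.MODERATE, True, ("security_question", "okta_verify"))
```

Ordering matters: the deny rule runs before the allow rules, and the passwordless path requires every positive signal to be present rather than the absence of negative ones.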
This new context-driven functionality will be available in Okta’s enhanced Adaptive MFA offering, and in Okta’s new Adaptive Single Sign-On offering. Okta Adaptive SSO will provide seamless, simple authentication together with the ability to integrate with a third-party enterprise mobility management solution like AirWatch or MobileIron.
Adaptive SSO is available starting today. ThreatInsight is scheduled to be available during the second half of this year.