Cloud services as opportunity and risk
Many of our customers make use of public / private cloud offerings nowadays. Most of them do not only use one cloud service that can fulfill all needs – a variety of services is introduced that creates a new problem within this “nice and easy” public cloud world. Each system has its own user management, its own login and security policies.
The possibility to login to many systems using your facebook / google makes the situation worse from a company’s point of view. Handling such ecosystems is extremely hard for IT departments that are responsible for secure IT operations.
The topic „Single-Sign on“ and Identity Management plays a big role for customers who are concerned with this kind of challenges. We see this as an important topic for companies to be able to use cloud services in an organized and controlled way.
A central place to activate, entitle and control user accounts is a challenging but absolutely mandatory task.
There are Identity Management and Single-sign on solutions available from all big players such as Microsoft, SAP or IBM. Their priority is to integrate their own solutions. Other vendors might be integrateable but only with great effort.
What about other public cloud services customers make use of such as Atlassian, Salesforce, AWS, Google, Twitter, Facebook and many more?
Okta offers a centralized identity management Cloud plus various single-sign on solutions out of the box.
Okta is a cloud service that is hosted within the EU at AWS (Frankfort and Dublin) – you can also restrict the service to be only hosted within Germany.
Okta is not well known in Germany yet – but it is one of the market leaders in the world in terms of Identity Management and Single-Sign on solutions (Source Gartner magic quadrant for access management)
Our experiences with Okta
We were able to gather positive technical experience with Okta.
The initial setup consists of a basic setup of your Okta cloud tenant. The installation of a lightweight Okta client on your internal AD system securely synchronizes all user data into Okta cloud.
After this you can easily delegate Administration rights and enable user access to the Okta environment.
This process does not take longer than 30 minutes. The integration of Atlassian WIKI, Twitter, IBM Connections Cloud and many more is very handy.
You control which user data / login account is mandatory for the applications login using simple formulas.
You are able to consolidate various LDAP sources within Okta Cloud – this solves another painful problem many customers are facing.
One feature I like most is the possibility to extend the login with a configurable 2-factor authentication.
The seconds factor can be a SMS token, google authenticator, Okta verify (Okta app) and many more.
You can control and enable / disable the second factor based on location information (e.g. access from the local network doesn`t require 2-factor authentication but access from internet does)
The Okta package includes a browser plugin that simplifies login to enabled applications even more.
In total our experiences are very positive. Up till now we did not miss any feature or setting – okay… we did not test all functionality yet.
We are using our tenant since eight weeks – everything works smooth without interruptions.
To sum it up it`s a tool you can use to provide login to various cloud services without the need to start a pricy SSO, SAML or Identity Management project.
Security does not stop at your own firewall
When looking at on-premise many companies drove a strong consolidation up to a central access / authorization system within the last years – mainly based on Microsoft AD (which is the right direction).
Much of this process is lost through the rising amount of used cloud services. Hopefully more companies recognize that they also need a solution for those challenges! The perfect answer is Okta!
If you want to know more about Okta, pls. get into contact with us (firstname.lastname@example.org).