Moving Beyond User Names & Passwords Okta Inc. info@okta.com 1-888-722-7871



Similar documents
Moving Beyond User Names & Passwords

Building Secure Multi-Factor Authentication

White paper Contents

Securing your Mobile Workforce with Okta and Espion

Okta Identity Management for Portals Built on Salesforce.com. An Architecture Review. Okta Inc. 301 Brannan Street San Francisco, CA 94107

Simpler, Smarter Authentication with Okta. Okta Inc. 301 Brannan Street San Francisco, CA

Top 8 Identity and Access Management Challenges with Your SaaS Applications. Okta Inc. 301 Brannan Street San Francisco, CA 94107

Addressing the BYOD Challenge with Okta Mobility Management. Okta Inc. 301 Brannan Street San Francisco, CA

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA

Three Ways to Integrate Active Directory with Your SaaS Applications OKTA WHITE PAPER. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper

STRONGER AUTHENTICATION for CA SiteMinder

MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION

Google Identity Services for work

Office365 Adoption eguide. Identity and Mobility Challenges. Okta Inc. 301 Brannan Street San Francisco, CA

Avoid the Hidden Costs of AD FS with Okta

ADDING STRONGER AUTHENTICATION for VPN Access Control

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Identity in the Cloud

White Paper. The Principles of Tokenless Two-Factor Authentication

Citrix Ready Solutions Brief. CA Single Sign-On and Citrix NetScaler: Quickly Adapt to Your Dynamic Authentication Demands. citrix.

PULSE SECURE FOR GOOGLE ANDROID

Okta Mobility Management

Ensuring the security of your mobile business intelligence

Guide to Evaluating Multi-Factor Authentication Solutions

Top 8 Identity and Access Management Challenges with Your SaaS Applications. Okta White paper

NCSU SSO. Case Study

Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University

White Paper. McAfee Cloud Single Sign On Reviewer s Guide

Securing Virtual Desktop Infrastructures with Strong Authentication

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business

Directory Integration with Okta. An Architectural Overview. Okta White paper. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107

ProtectID. for Financial Services

EasiShare Whitepaper - Empowering Your Mobile Workforce

Workspot, Inc. RSA SecurID Ready Implementation Guide. Partner Information. Last Modified: September 16, Product Information Partner Name

Advanced Biometric Technology

How To Make Your Computer System More Secure And Secure

Securing corporate assets with two factor authentication

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Authentication Solutions Buyer's Guide

Remote Access Securing Your Employees Out of the Office

A brief on Two-Factor Authentication

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

Citrix Netscaler Advanced guide for SMS PASSCODE SMS PASSCODE 2014

Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Speeding Office 365 Implementation Using Identity-as-a-Service

WHITE PAPER. Active Directory and the Cloud

Identity & Access Management in the Cloud: Fewer passwords, more productivity

E l i m i n a t i n g Au t hentication Silos and Passw or d F a t i g u e w i t h Federated Identity a n d Ac c e s s

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

WHITEPAPER SAML ALONE IS NOT SECURE - HERE S HOW TO FIX IT

Using Entrust certificates with VPN

The PortalGuard All-In-One Authentication Solution-set: A Comparison Guide of Two-Factor Capabilities vs. the Competition

Why SMS for 2FA? MessageMedia Industry Intelligence

EVALUATION GUIDE. Evaluating a Self-Service Password Reset Tool. Usability. The password reality

TRANSITIONING ENTERPRISE CUSTOMERS TO THE CLOUD WITH PULSE SECURE

BYOD How-To Guide. How do I securely deliver my company s applications and data to BYOD?

Security Architecture Whitepaper

SECUREAUTH IDP AND OFFICE 365

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

Keeping your VPN protected

ADAPTIVE USER AUTHENTICATION

Security Considerations for DirectAccess Deployments. Whitepaper

expanding web single sign-on to cloud and mobile environments agility made possible

Centrify Cloud Connector Deployment Guide

Modern two-factor authentication: Easy. Affordable. Secure.

Agenda. Enterprise challenges. Hybrid identity. Mobile device management. Data protection. Offering details

Adding Stronger Authentication to your Portal and Cloud Apps

Ultra-strong authentication to protect network access and assets

Media Shuttle s Defense-in- Depth Security Strategy

Ultra-strong authentication to protect network access and assets

Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers

Entrust IdentityGuard Comprehensive

Adaptive User Authentication

nexus Hybrid Access Gateway

ADVANCED TWO-FACTOR AUTHENTICATION VIA YOUR MOBILE PHONE

The Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device

Proven. Trusted.

Enhanced Security for Online Banking

Security in an Increasingly Threatened World. SMS: A better way of doing Two Factor Authentication (2FA)

How To Manage A Plethora Of Identities In A Cloud System (Saas)

Multi-factor authentication

How to reduce the cost and complexity of two factor authentication

Swivel Secure and the Cloud

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Securing mobile devices in the business environment

Deeper Levels of Security with Intel Identity Protection Technology

Cisco Software-as-a-Service (SaaS) Access Control

PortWise Access Management Suite

The Use of the Simple Certificate Enrollment Protocol (SCEP) and Untrusted Devices

Transcription:

Moving Beyond User Names & Passwords An Overview of Okta s Multifactor Authentication Capability Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871

Contents 1 Moving Beyond User Names and Passwords 1 Enter Multifactor Authentication 1 MFA For On Premises and Cloud Apps 2 The Okta Solution 2 Fully Integrated with the Okta Service 2 Works with your VPN 2 Flexible, Secure Verification Options 2 Security Question 2 Soft Token 2 Text Message 3 Centralized Policy Management 3 Easy for Administrators and Users 3 Extensible to Third-Party MFA Solutions 4 Conclusion 4 About Okta

Moving Beyond User Names and Passwords Typical web applications are protected with single-factor authentication: a user name and password. These credentials, in addition to being difficult to manage, leave sensitive data and applications vulnerable to a variety of common attacks. Attackers are using increasingly prevalent and sophisticated techniques to steal passwords to consumer, banking, and enterprise applications. Individual users are vulnerable to password theft via highly targeted spear phishing attacks, while large groups of users can be compromised by an attack on a specific vendor holding their credentials. These credentials are then sold individually or in bulk on the black market to any criminal organization that might want them. Examples of recent large-scale password thefts include attacks on Sony and LastPass. In June 2011, the Sony website was broken into and hackers compromised over 1,000,000 users personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. t In LastPass s case, the May 2011 breach potentially exposed user names and passwords to a wide swath of web applications. 2 The effect of a stolen password is magnified by the fact that users frequently reuse passwords across multiple applications. This means that a stolen Facebook or nytimes.com password may compromise users Salesforce.com or Active Directory accounts. A recent study by the Internet security company BitDefender revealed that 75 percent of social networking user name and password samples collected online were identical to those used for email accounts. 3 As enterprises adopt more cloud applications, addressing this threat will become critical. Unlike older on-premises applications, cloud applications are accessible to anyone on the public Internet. And while enterprise cloud software vendors like Salesforce.com and Workday go to considerable measures to ensure they run a highly available and secure service, their login screens are equally as available to attackers as to legitimate users. Enter Multifactor Authentication Multifactor authentication (MFA) is designed to protect against the range of attacks that rely on stealing user credentials. Organizations can use a variety of techniques, but all work by requiring the user to provide something in addition to their primary password something the user is, has, or knows before they can be authenticated to the protected service. With MFA in place, even if a user s password is stolen, his account is safe from unauthorized access. MFA For On Premises and Cloud Apps Multifactor authentication has been in use for decades, most commonly by enterprises adding protection to their VPN gateways and other sensitive resources. This was particularly helpful because VPN gateways provided a single point of entry to on-premises applications that generally just required a user name and password to access. Today, as key business systems migrate to the public cloud, critical data is as likely to be stored in the cloud as it is behind the firewall and every organization has a mix of on premises and cloud applications to protect. Most cloud based applications leverage their own siloed identity store and security model to protect this data, making it difficult if not impossible for IT organization to enforce uniform control policies across all of their applications as they did with MFA on a VPN for on premises apps. Adding MFA one app at a time is simply not practical, as it would require administrators and users to juggle dozens of factor types across as many applications. What organizations need is a unified access gateway that applies equally to VPNs and on-premises and cloudbased applications. Moreover, today s cloud applications do not easily integrate with existing enterprise products used to monitor dangerous security events, which can make password breaches of enterprise cloud apps difficult if not impossible for most IT organizations to detect. 1

The Okta Solution Okta is an enterprise grade identity management service, built from the ground up in the cloud and delivered with an unwavering focus on customer success. The Okta service provides directory services, single sign-on, strong authentication, provisioning, workflow, and built in reporting. Okta s s secure, flexible multifactor authentication comes included as part of the core identity and access management service. Designed to protect against today s phishing attacks, stolen passwords, and shared credentials, Okta s MFA solution provides both the highest security and simplest administration possible. Okta s native multifactor options can be centrally administered in an integrated fashion, or Okta integrates with existing third-party multifactor solutions such as Verisign VIP or RSA. Okta also provides options to easily replace or integrate with existing strong authentication solutions, such as RADIUS. Flexible, Secure Verification Options Organizations can choose from a variety of second factor options, balancing the needs of their user base, the sensitivity of the applications they are protecting, and overall ease of use. Security Question Security questions offer added protection by requiring users to provide additional information beyond simple user name and password. This option requires no additional devices and minimal user configuration. Fully Integrated with the Okta Service Password Soft Token, Security Question or 3rd Party Multifactor Access & Security Policy Frequency Location Application Soft Token Okta s soft token is designed for absolute simplicity for the user, Okta provides multifactor authentication as a core feature of the Okta identity management service if organizations don t already have their own solution. Okta builds all MFA functionality with the same focus on flexibility, security, and ease of use that we apply to all other aspects of our product, and it comes bundled with the Okta solution. Works with your VPN Okta s Single Sign-On and MFA solution works with any SAMLenabled SSL VPN, including Juniper SA and Cisco ASA. This enables comprehensive, seamless authentication across all enterprise applications accessed from the public Internet, whether cloudbased, in the DMZ, or protected by a VPN. and comprehensive security for the Okta administrator. The app can be installed directly from both the Android and Apple App Stores, or directly from Okta for BlackBerry users. It self-configures using the device s integrated camera. Once installed, users simply read a six-digit number, generated using the industry standard Time-Based One-Time Password algorithm, from their phone screen to access protected resources. Text Message For those users who need something stronger than a security question but don t have a smartphone, Okta s MFA also offers a text message option which will work with any SMS enabled cell phone. Like the other MFA options it is built into the service, not additional third party services required it just works. 2

Centralized Policy Management Easy for Administrators and Users One Okta policy controls access to all applications, whether cloudbased or on-premises. Policies can control how often and when to ask users for additional verification. Frequency can range from every login to once per device. Okta s multifactor authentication solution is easy to use for both administrators and users. As an Okta service, it is fully cloud delivered no on-premises software or hardware is required. It can be enabled with just two clicks in the Okta administrative interface. Users are fully empowered to self-administer their tokens on their smartphones, subject to the policies administrators define. No clumsy hard tokens or complex SSL certificates are required. Extensible to Third-Party MFA Solutions In addition to native Okta MFA support, Okta also integrates with a variety of existing MFA solutions such as Versign VIP and RSA. By leveraging the same extensible architecture that enables Okta to provide a set of pre- integrated applications, customers can also leverage existing MFA products in conjunction with the Okta service. Okta provides multiple options for MFA Extra verification can be required for all apps or individual apps, and separate policies can be established for internal and external users. App specific MFA enables flexible policies 3

Conclusion About Okta Okta provides a unified multifactor authentication solution for your cloud and on premises applications with an architecture designed for both higher levels of security and ease of use for users and administrators. It is an integral part of the core Okta service and comes bundled with every edition of the Okta service. With Okta s multifactor authentication, a single policy and token can be used to secure any application managed by the service. It works with cloud-based applications, SSL VPNs, and on-premises web apps. Enabling Okta with MFA protects business-critical data from the most prevalent attacks on the Internet today. Okta is the foundation for secure connections between people and technology. By harnessing the power of the cloud, Okta allows people to access applications on any device at any time, while still enforcing strong security policies. It integrates directly with an organization s existing directories and identity systems, as well as 4,000+ applications. Because Okta runs on an integrated platform, organizations can implement the service quickly at large scale and low total cost. More than 2,500 customers, including Adobe, Allergan, Chiquita, LinkedIn, MGM Resorts International and Western Union, trust Okta to help their organizations work faster, boost revenue and stay secure. For more information, visit us at www.okta.com or follow us on www.okta.com/blog. 1. See http://www.informationweek.com/news/security/attacks/229900111 2. See http://www.pcworld.com/article/227223/lastpass_online_password_manager_may_have_been_hacked.html 3. See http://www.securityweek.com/study-reveals-75-percent-individuals-use-same-password-social-networking-and-email 4. See http://tools.ietf.org/id/draft-mraihi-totp-timebased-06.txt 4

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information