Flexible Policy for Security and Control
Okta offers a simple to use yet powerful framework to let you create policies that govern the access of people to applications. Whether it’s restricting access to applications based on time of day, or adding additional authentication factors based on physical location, Okta’s policy framework lets you quickly and easily add additional security measures to your IT solutions.
Application Assignment and Provisioning Policy
Okta policy can be used to ensure that the right people have access the right. Users granted access to an application in Okta can sign in, and have their application accounts automatically created using Okta’s user provisioning capabilities. When a user’s access is revoked in Okta, sign in is blocked and the account is automatically deactivated.
Access to applications can be granted individually, or by group. Group membership can be managed within Okta, or driven from an external directory service such as Active Directory. In this way, applications can be assigned to an Active Directory security group and users added from that group will be automatically be provisioned accounts and granted application access.
Use Okta to control how users should authenticate to your applications. There are two types of policies that can be used with the Okta Authentication Policy framework:
- Multifactor authentication policy based on group, location and resource
- Single factor authentication policy to determine when to use username and password and when to use Integrated Windows Authentication. This can also be enforced based on the user’s location.
Additional restrictions can be placed on application access to enhance security and ensure compliance with access policies required by your unique business. For example, it’s possible to set policies in Okta that allow access to benefits applications to all users, regardless of location, but to prevent hourly workers from accessing work related application when not in your offices. Access policies can be built with any combination of user, group, location and application.