Multifactor Authentication
Whitepaper
Multifactor Authentication for
the Cloud
Okta provides secure, flexible multifactor authentication natively as part of our core identity and access management service.
Fully Integrated with the Okta Service
Okta provides multifactor authentication as a core feature of the identity management service. All functionality is built by Okta with the same focus on flexibility, security, and ease of use that we apply to all other aspects of our product and comes bundled with the Okta solution. No third party products are required.
Flexible, Secure Verification Options
Choose from a variety of second-factor options to balance the needs of your user base, the sensitivity of the applications you are protecting, and overall ease of use.
Security question
Security questions offer added protection by requiring users to provide additional information beyond simple user name and password. This option requires no additional devices and minimal user configuration.
Soft token
Okta’s soft token mobile application is designed for absolute simplicity for the user, and comprehensive security for the Okta administrator. The app can be installed directly from both the Android and Apple app stores. It self-configures using the device’s integrated camera. Once installed, users simply read a six-digit number from their phone screen to access protected resources, generated using the industry-standard Time-Based One-Time Password algorithm
Centralized Policy Management
One Okta policy controls access to all applications, whether cloud based or on premises. Policies can control how often and when to ask users for additional verification. Frequency can range from every login to once per a device. Extra verification can be required for all apps, or individual apps, and separate policies can be established for internal vs external users.
Easy for Administrators and Users
Okta’s multifactor authentication solution is designed to be easy to use, both for administrators and users. As an Okta solution, it is fully cloud delivered—no on-premises software or hardware is required. It can be enabled with just two clicks in the Okta administrative interface. Users can self-administer their tokens on their smartphones, subject to the policies administrators define. No clumsy hard tokens or complex SSL certificates required.
Works with your VPN
Okta’s single sign-on and MFA solution will work with any SAML-enabled SSL VPN. This enables comprehensive, seamless authentication across all enterprise applications accessed from the public Internet, whether cloud-based, in the DMZ, or protected by a VPN.
Extensible to Third-Party MFA Solutions
In addition to native Okta MFA support, our architecture also makes it easy to integrate Okta with a variety of existing MFA solutions. Using the same extensible architecture that enables Okta to provide a set of pre-integrated applications, customers can also leverage existing MFA products in conjunction with the Okta service.