Secure. Highly Available. Extensible.

Okta Cloud Services Platform

At Okta we understand that the single sign-on, user management, and reporting service we provide must be both highly available and secure.

In addition, as the SaaS landscape is constantly changing, it’s critical that we have an extensible platform to achieve the widest variety of integrations for you, across the largest number of applications.

Three Core Services

At the core of Okta’s identity and access management solution is a secure, reliable, and extensible cloud services platform. The three initial multi-tenant services running on top of that platform include single sign-on, user management, and logging & reporting.

Single Sign-On

Single sign-on methods vary widely across SaaS vendors today. Okta insulates enterprises from this by integrating with, and continuously testing and validating against, the widest variety of SSO methods across vendors. This is truly single sign-on as a service.

For federated authentication, if the vendor supports Security Assertion Markup Language (SAML) 1.1 or 2.0, the Okta service acts as a SAML Identity Provider (IdP), responding to SAML requests from those applications with a SAML assertion and facilitating secure user authentication. For vendors that support a proprietary protocol, Okta also supports and maintains those integrations over time.

For SaaS applications that do not provide support for federated user authentication, Okta has developed a Secure Web Authentication (SWA) technology. Credentials are stored using strong AES encryption. Okta then executes a secure, vendor-specific login sequence that uses the stored user credentials to complete the login.

User Management

Methods for user management vary even more than those for single sign-on today. Standards have been proposed but little adoption has occurred.

Okta’s service again insulates IT from this incomparable diversity with deep integrations across a large number of SaaS solutions, supporting the broadest set of user and group management capabilities. Users can be automatically imported, new accounts provisioned and updated over time, user accounts deactivated, and several systems also support password synchronization.

With a large number of user management integrations across both your directory and these SaaS applications, it is also possible to automatically provision users and accounts in these applications, leveraging specific user attributes from your on-premises directory.

Logging and Reporting

Okta captures a comprehensive set of events and states spanning things such as user import, application assignment, activation/deactivation, Okta or application login, and application configuration change.

This robust set of data is captured in real time and maintained historically to support both interactive troubleshooting and detailed reporting.

The reporting supported includes pre-canned and customized reports, and data export in standard formats.

Extensible Platform

Common across all the core services is the ability to easily extend the platform to integrate with a variety of SSO, user data management, and eventing interfaces as they arise across cloud-based applications. This flexibility means you can be confident that Okta will support the widest variety of integration types, across the largest number of applications, in the shortest time. Adding a new application integration requires hours, not days, weeks or months.

Secure and Reliable

At Okta we understand that the functionality we provide across single sign-on, user management and reporting requires that the Okta service be both highly available and secure. Our approach to ensuring security and reliability is comprehensive. It spans our hiring practices, the architecture and development of the software that powers Okta, and the data center strategies and operations that enable us to deliver a world-class service.

Learn more about our security & availability architecture.

Zero Maintenance Downtime

Our customers rely on the single sign-on component of our service to access their business-critical applications; therefore, the Okta service can never be shut down for maintenance purposes.

The Okta service is designed to achieve zero planned downtime while also supporting the introduction of new functionality on a regular basis. This includes changing passwords and logging access requests and failures. For Okta, downtime during maintenance windows is a thing of the past.

During planned maintenance, authentication and logging function normally. Users can sign in to Okta, perform single sign-on to their applications, and change passwords, and all of their actions are recorded and logged. During the maintenance window all other systems are read-only. Messages in a yellow notification box across the top of each administrator’s screen indicate read-only status and, when ready, the return to read/write status. The authentication and logging system can also be upgraded while the Okta system is running, due to a special flexible data storage format that specifically allows for this.

See Okta’s current downtime track record at www.okta.com/trust.