Okta enables users to securely access the applications they need, wherever and whenever they need them. Cloud app and mobile device adoption in the enterprise have created a world where people can work from anywhere, and enjoy incredible experiences that make them more productive. Employees are no longer sitting behind a proxy or firewall when they need this access. Organizations need a more modern approach to access control to ensure the security of their sensitive and proprietary information. They need a next-generation access management architecture centered on people and designed for the principle of a zero-trust network.
That architecture has to be aware of the device that the person is using. I often get asked about how or whether our Identity Management service supports these device aware access scenarios and how we integrate with Enterprise Mobility Management products in that context. This post elaborates a bit more on our answer to these questions.
Device Trust: A critical input for Contextual Access Management
As the traditional network-based perimeter erodes, device context is a critical input to ensuring that the right person has access to the right information, at the right time. Understanding the security profile of a device – i.e. that it’s encrypted, not jailbroken or rooted – adds a layer of trust that’s a fundamental input to a secure access decision.
As people within an organization access applications from a wide range of devices, operating systems and browsers, we need a device trust framework that provides broad application coverage, best of breed interoperability, a great user experience, and a simple user experience.
Over the past year Okta has released a series of device trust capabilities including:
Use of Exchange ActiveSync certificates to prevent unmanaged devices from accessing Office 365; and
Device trust for Windows to ensure that only users on managed, domain-joined Windows computers can seamlessly SSO into Okta protected apps, securing corporate data even when there is no defined network boundary.
Moving forward in 2018, we’ll be expanding the breadth and depth of our support for device trust. We will tap into these device trust signals through vendor specific integrations as well as some integration methods that are agnostic to any vendor. The result will give our customers a broad range of options to meet their requirements.
A Perfect Combination: Best of Breed Identity & Mobility Management
A big part of our device trust strategy is ensuring Okta integrates well with Enterprise Mobility management products. Together, our products provide a more powerful, secure solution to support the needs of our joint customers. These integrations allow us to optimize for end user experience and productivity, while also giving our joint admins a simple setup process. This best-of-breed approach gives our customers the broadest set of access controls over the devices and platforms they care about. It also enables enterprises to leverage their existing investments in Okta’s Identity Management and their Enterprise Mobility Management vendor of choice.
Here is how our partners at MobileIron and Jamf are describing our collaboration:
“Organizations are working to address security vulnerabilities, ward off cyber threats and protect intellectual property. Jamf and Okta are tightly integrating our services to provide a people-friendly, secure experience that ensures the right people have access to the right data at the right time on any Apple device.” - Joe Bloom, Product Manager, Jamf
“Cloud services are a mandate for many organizations but companies are losing data every day to unauthorized devices and apps. Okta and MobileIron are partnering closely to provide our joint customers with contextual access policies that secure access to apps, data and devices.” - Ojas Rege, Chief Strategy Officer, MobileIron
Our rollout of these integrations will begin in early 2018, and we’ll share supporting documentation as those are released. Feel free to reach out to your Okta representative if you’d like more information in the interim, or if you are an Okta customer and are interested in participating in our iOS or upcoming Android device trust beta, please sign up here.