Okta + VMware Use Cases
Following the announcement of our extended integrations with VMware last week, we thought you might enjoy learning about some of the common projects we see joint Okta and VMware customers undertake, and how the existing integration and these recent improvements can help unlock more value for our customers.
Okta and VMware work together to help customers embrace three key scenarios for a modern, digital workplace:
- Adopt a Zero Trust security model
- Provide a seamless onboarding experience
- Enable contingent worker access
We've come a long way in enhancing these scenarios, so let's go through each of them in detail.
Adopt a Zero Trust Security Model
Zero Trust may seem like a buzzword now, but buzz is a good thing when there are real benefits around it. Since the beginning of our journey together, we've been able to offer customers a secure device access experience based on user trust and device trust. This functionality helps customers get started on their Zero Trust journey.
While Okta remains the access management provider for your apps, we can pass the sign-in step off to Workspace ONE to check the managed and compliant state of the device. And on a managed device, end users get a passwordless sign-in experience via Workspace ONE's MobileSSO features.
We've now enhanced the integration to allow Workspace ONE to send more detail on the managed state of the device back to Okta. This means that on unmanaged devices, rather than denying the user access to their application, you can require Okta to prompt for step-up MFA, or even better, require a strong auth factor such as WebAuthn (the only phishing-proof factor out there) to deliver a secure, passwordless login, even when the device is not managed.
We are excited to see more customers adopt Okta and VMware to enable secure device-based access on all their device platforms.
Provide a Seamless Onboarding Experience
As your business scales, you want to be sure you are choosing technologies that scale with it. One aspect of this is getting rid of manual processes for onboarding and offboarding employees. Each employee has their own user lifecycle and device lifecycle. This is where Okta and VMware come into play. When using Okta for access management, you can utilize an existing HR system (such as Workday or Namely) or an on-premises directory (such as Active Directory or LDAP) to automatically add a user to Okta's Universal Directory, assign them a single username/password, enroll them in MFA, and provision them to any required apps. And, for the device lifecycle, you can pre-provision devices with required apps and allow the device to automatically register to your company's domain on first boot. This offers an expedited, low-touch deployment option. Additionally, day-to-day user and device management becomes much easier when Okta and Workspace ONE have been integrated, with functionality such as self-service password reset and automated device and OS updates. Lastly, once a user is offboarded from Okta, they will be deprovisioned from all apps, including Workspace ONE.
To make day-to-day functions even easier, Okta and VMware have worked together to bring a few new key features to our integration. Primarily, the announcement of Okta provisioning connectivity from VMware means that user accounts can be created directly from Okta to kick off the lifecycle flows, removing any dependencies on other external directories. Additionally, customers who are utilizing the Workspace ONE dashboard can now use it to reset their Okta password. Initiating a password reset in Workspace ONE will also reset your password in Okta. From a usability standpoint, Okta apps can now be published into the Workspace ONE dashboard. This means that you can continue using Okta as your access management provider, while users who are already familiar with the Workspace ONE dashboard don't need to log into Okta directly to access their apps.
Enable Contingent Worker Access
Most organizations today need to give partners access to their corporate resources, and it's important to do this in a secure way. It's equally important that partners have a great access experience when working with your business. To address these scenarios, Okta and VMware work together to automate actions such as:
- If a user is a consultant, automatically provision access to a minimal set of apps
- If a user is a seasonal worker, set a suspension date of Dec. 31st
- If an account is inactive for 30 days, suspend the user
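To make the three rules above concrete, here is an added sketch of how they could be evaluated against user records. It is illustration code written for this article, not Okta or VMware code, and it calls no product API: the record fields, the app names, the users and the evaluation date are all constructed assumptions.

```python
from datetime import date, timedelta

# All field names, app names and users below are constructed for illustration.
MINIMAL_APPS = ["email", "chat"]
INACTIVITY_LIMIT = timedelta(days=30)


def lifecycle_actions(user, today):
    """Return the (action, detail) pairs the three rules yield for one user."""
    if user["status"] == "SUSPENDED":
        return []  # already suspended: re-running the rules must be a no-op

    # Inactivity rule. An account that never logged in ages from its creation
    # date, so an unused invitation does not stay active forever.
    last_seen = user["last_login"] or user["created"]
    if today - last_seen >= INACTIVITY_LIMIT:
        return [("suspend", "inactive since " + last_seen.isoformat())]

    actions = []
    if user["type"] == "consultant":
        # Provision only what is missing from the minimal set.
        actions += [("provision", app) for app in MINIMAL_APPS
                    if app not in user["apps"]]
    if user["type"] == "seasonal" and user["suspend_on"] is None:
        # Dec. 31st of the year in which the rule is evaluated.
        actions.append(("set_suspension_date", date(today.year, 12, 31).isoformat()))
    return actions


TODAY = date(2024, 11, 15)  # constructed evaluation date
USERS = [
    {"login": "ana", "type": "consultant", "status": "ACTIVE", "apps": ["email"],
     "created": date(2024, 10, 1), "last_login": date(2024, 11, 13), "suspend_on": None},
    {"login": "ben", "type": "seasonal", "status": "ACTIVE", "apps": [],
     "created": date(2024, 11, 1), "last_login": date(2024, 11, 10), "suspend_on": None},
    {"login": "cy", "type": "employee", "status": "ACTIVE", "apps": [],
     "created": date(2024, 1, 5), "last_login": date(2024, 10, 1), "suspend_on": None},
    {"login": "dee", "type": "consultant", "status": "ACTIVE", "apps": [],
     "created": date(2024, 10, 15), "last_login": None, "suspend_on": None},
    {"login": "eve", "type": "seasonal", "status": "SUSPENDED", "apps": [],
     "created": date(2024, 6, 1), "last_login": date(2024, 8, 1), "suspend_on": None},
]


def plan(users, today):
    """Map each login to the actions the rules produce on the given day."""
    return {u["login"]: lifecycle_actions(u, today) for u in users}

print(plan(USERS, TODAY))
```

Checking inactivity before the other rules means a dormant consultant account is suspended rather than granted more apps, and the never-logged-in case ("dee") shows why the rule needs a fallback date.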
Here again, being able to manage users directly from Okta to Workspace ONE is a key enabler. Now, when using Okta's Universal Directory and Workspace ONE, you can provision full user profiles from Okta to Workspace ONE with no other directory dependencies. This means you no longer need Active Directory (or any on-premises directory) to manage and update users in Okta and Workspace ONE! This is a massive step in helping customers modernize legacy infrastructure, and we're very excited to see customers implementing this integration.
These improvements required a lot of work behind the scenes for the end users and administrators of both platforms.
These individual use cases are great, but how do they fit into a larger modernization strategy? Fundamentally, when we're talking about the modern workspace, we have to remember that there's always a device (although we can't guarantee what kind), and there's always a user (although we can't guarantee that we know what they're trying to do). Identity and Workspace management are quite literally two sides of the same coin, and each presents an attack surface that can potentially be exploited. Our customers have told us that there's tangible value in integrating identity and device management platforms. To wit:
One can also think about the integration of a user and a device platform as a tangible step along a Zero Trust journey. Said simply, Zero Trust is the idea that there is no trusted network anymore, and each access request should be judged on its own immediate merits, with user and device posture evaluated at that point in time to determine the appropriate access decision. As such, having two platforms that seamlessly and easily integrate with each other, as do the Okta Identity Cloud and VMware Workspace ONE, will help you move along this journey.