The Production Line: HealthInsight
Here at the The Production Line, we really enjoy digging into a little history. But this month, we’re pointing up a feature we just demoed at our Showcase event earlier this month. It’s called HealthInsight. This Early Availability (EA) feature started life as a beta in June of 2019, then was released as a self-enablement option in October, and already over 200 customers have enabled and tested HealthInsight in their orgs.
What is HealthInsight?
HealthInsight is offered in a suite of features called SecurityInsights. It monitors the configurations of your Okta org and delivers tailored recommendations, based on both industry best practices and Okta’s best practices for our products. It all started with Security Checklist, which provided personalized recommendations based on an org’s particular configuration. This feature appeared to significantly increase interest and spur adoption of security notifications. HealthInsight took it a step further, adding more recommendations, detailed documentation, and the ability to dismiss unneeded recommendations.
So exactly what does HealthInsight provide?
- A detailed list of Okta recommendations, based on your organization's existing security settings. See What exactly are we recommending?, below.
- Automatic navigation to various settings to update your existing configuration.
- A list of complete, incomplete, or dismissed security tasks, specific to your organization.
- The ability to dismiss irrelevant tasks so they do not appear as Incomplete.
- Insight into baseline security policies which may be missing on your org.
Why did we build it?
We talked to quite a few customers, and learned that we had to be proactive about the security picture of our customers in relation to Okta. So, after developing our own best practices, we realized we needed to dig deeper—baking tools into the product that provide individualized assessments using an organization's own data. HealthInsight is the piece that allows you to take your own temperature of health for your security posture.
Specifically, this feature takes a holistic approach, gleaned through talking to customers to solve their most pressing security issues.
Customers can feel confident that they’re adhering to industry best practices for basic organization-wide security.
Administrators can stop wasting time searching through online docs and videos to identify individual features—everything is surfaced right in the console.
HealthInsight check provides a continuous scan, updating when an existing security setting is accidentally removed, and as Okta add/updates additional best practice recommendations.
A key benefit of Healthinsight is it’s list of recommendations, geared toward optimizing your security through processes and enhanced access to information. Here’s the list of current recommendations:
- Require MFA for Okta Administration access
- Use strong factors in factor enrollment policies
- Limit the number of super admins
- Use ThreatInsight to block suspicious IPs
- Enforce a limited Session Lifetime
- Enable New Sign-On Notifications
- Enable Factor Enrollment Notifications
- Enable Factor Reset Notifications
- Use SAML authentication for app access
- Use strong Password Policies
What's been the customer reaction?
Okta customers have been enthusiastic. 100% of queried organizations said they would continually monitor this feature either quarterly (23.1%), monthly (30.8%) or whenever Okta prompted them (46.2%).
But critical to this feature was the feedback we received from customers. Our beta customers gave us suggestions that landed in product. An example? Our original version did not allow for the dismissal of recommendations, but comments like this prompted us to make the change:
I think the option [to dismiss] is useful in orgs that do not have the need or cannot use certain recommendations. For example, in our B2C org, we cannot enforce the recommended types of MFA for our customers.
Customers also asked for impact values on security and end users, as well as detailed security documentation to get the most out of these insights.
So, what else have customers had to say? Here are a few of the comments we’ve captured:
– “I felt at ease when I saw the items in the Complete section, but some items in the incomplete were eye opening.”
– “I like the tabs, it's a great way to quickly see what needs attention.”
– “Great job, keep these new features coming. Hope it rolls out to EA soon.”
– “Overall, [HealthInsight is] a very good and useful feature.”
– “I want to definitely reduce our super admins, ASAP”.
Can I access this feature today?
Missed a previous post? For more behind-the-scenes looks at our products, read them all: