Okta Identity Engine: 3 Updates You Should Know About

At last year’s Oktane, we introduced the Okta Identity Engine—a set of building blocks that serve as the foundation for any access experience.

Identity Engine Building blocks for access

Through these customizable and extensible identity steps, enterprises can build access experiences tailored to their organizational needs. That is, they are not bound to any one way of identifying, authorizing, enrolling, and issuing access to users. Instead, they can build their own processes for each of these steps, skip steps altogether, and continually iterate upon each step to offer a custom, context-driven approach to granting access to users.

We’ve given a lot of thought to how we can further empower our customers through this platform service over the past year. Today, we are excited to announce some new investments to the Okta Identity Engine that expand its value to workforce use cases and deepen value for customer identity use cases, all while improving user experience, boosting security, and further tightening the relationship between identity and the rest of the tech stack.

Here’s what’s new.

App-level policies

When it comes to access, context is key. Some apps contain more sensitive data than others, and should require stricter policies to drive access decisions. These could be based on user contexts such as their device, location, and behavior.

The latest updates to the Okta Identity Engine empower admins to take each of these variables into account on a per-app basis. That means having the power to set up the right authentication assurance for every app your organization deploys, and creating the right amount of friction for the right amount of sensitivity. Conversely, app-level policies make it possible to ease access demands for certain apps.

This enhanced, data-driven approach eliminates security and usability trade-offs through dynamic policies, applying the appropriate level of security for each app without inundating users with additional authentication factors when it’s not necessary.

In addition, the Okta Identity Engine allows admins to assign apps to specific policies from a single centralized hub. This more complete view not only improves admin efficiency, but helps IT to ensure that policies don't diverge over time.

Flexible Account Recovery

One of the biggest hurdles to IT productivity is inundation with password reset requests. This is even more acute for large organizations with tens if not hundreds of thousands of employees and contractors. We are big believers in enabling users to help themselves (and save IT) by allowing them to perform self-service password resets. However, we recognize that some factors, like email messages, SMS, and security questions, are not as secure as others.

Now, end users can leverage modern factors such as Webauthn and our authentication tool, Okta Verify, to execute password resets with stronger security. What’s more, admins can specify which factors users can select for password resets. This means not only fewer password reset tickets for admins, but improved security, productivity, and experience for users.

Identity Engine Flexible Account Recovery

New Integration Ecosystem

User journeys are complex in both workforce and customer use cases, but they all rely on identity. With that in mind, we’ve kept extensibility top of mind when making updates to the Okta Identity Engine.

We’ve expanded our integration ecosystem to empower customers to incorporate new data and trigger new actions with third-party integrations into their access experiences. That is, for each step in the access experience flow—from identifying users to issuing access—admins can leverage other tools to make that process more powerful.

For example, admins can trigger a driver’s license check during registration with an external Identity Proofing solution or incorporate data from an Endpoint Security provider during authentication, and so on. The result is not only enhanced security, as organizations can lean on integrated tools specifically designed for each security function, but a more customized access experience for end-users.

Learn More

We could not be more excited to make these new updates available to our customers and see what kind of access experiences they build. These new features unlocked by the Okta Identity Engine will go into Early Access by Q4 2020. In the meantime, visit our Okta Identity Engine Page to learn more.