OAG + HealthInsight: Proactively Audit and Secure On-Prem Apps

At Okta, we love to secure access to everything from a single platform. This, of course, includes on-premises apps.

As previewed here, our specialists wanted to weigh in on how OAG is at its best when paired with the features that make up the Okta platform. In other words, we’re giving you the Secret Sauce! This month, Senior Curriculum Developer Dave Silvestro takes on the recipe of OAG and HealthInsight to create an improved security posture for on-premises web apps.


In this post, I’ll show you how you can combine OAG with Okta HealthInsight to proactively audit and improve the security posture for on-premises web applications.

PS: For context, Okta Access Gateway (OAG) is a solution to secure access to on-premises web apps in a hybrid IT environment using Okta SSO and Adaptive MFA. If you want to learn the basics about OAG before diving in, click here.

The Challenge: Implementing modern security best practices on traditional on-premises web apps

As organizations evolve, they adopt new technologies and strategies to innovate and better meet the needs of their workforce and customers. Some of these changes (enabling remote work, creating a digital business, adopting cloud software and infrastructure, etc.) can deeply transform the organization's threat surface, introducing new risks, and new security controls to manage, for the IT team. Adjusting security controls to your environment takes time, especially for on-prem apps, which are often treated as an afterthought.

Ideally, organizations would have a fast and easy way to understand, review, and apply security best practices for all applications (including on-prem!). And, as new security features and best practices are released, they should easily keep up with innovations, while also having the ability to rapidly strengthen their security posture.

The Solution: Use OAG with Okta HealthInsight for best practice security improvements

Thankfully, Okta has a solution for this challenge: Okta HealthInsight.

Okta HealthInsight is a feature available to all Okta customers, free of charge, that provides a live audit of your Okta tenant, with recommendations compared to Okta and industry best practices. HealthInsight works for all apps integrated with Okta. And that, of course, includes the on-prem web apps secured with OAG.

The main benefit of using HealthInsight with the Okta Identity Platform and OAG is that you can consistently apply security best practices for all applications—regardless of where they are hosted—on-prem or in the cloud. Even better, the HealthInsight audit is live, giving you a real-time snapshot of your security posture and helping to detect security configuration drift.

What does it look like?

Okta HealthInsight is available from the Okta Admin Console on the Dashboard menu:

Okta HealthInsight

The HealthInsight screen shows you a list of recommendations for strengthening your Okta and application access security, alongside a score that updates each time you apply a best practice:

HealthInsight page and score

The best practices include many areas, ranging from admin access to Okta, to app-specific settings. Here are a few examples of recommendations that will improve your on-prem app access security:

  • Limit the number of super admins that can change app configuration
  • Reduce session lifetime on all sign-on policies
  • Utilize strong MFA factors for user authentication
  • Enable notifications for sign-on from new or unknown devices
  • Enable suspicious activity reporting from end-users
  • Enable ThreatInsight to block malicious IPs

The HealthInsight audit and recommendations can be pulled at any time. You can regularly review the audit to check whether changes in your configuration, such as the addition of a new OAG app or a new Okta best practice, have changed your score. Then, you can apply any new recommendations to keep your security posture up to date.

Having on-premises applications doesn’t mean you have to compromise on security. By combining Okta Access Gateway with Okta HealthInsight, you can keep up with the ongoing task of proactively auditing and improving the security posture of your on-prem apps.

If you want to learn more about the secret features of Okta Access Gateway, check out our previous posts right here.