OAG + HealthInsight: Proactively Audit and Secure On-Prem Apps

At Okta, we love to secure access to everything from a single platform. This, of course, includes on-premises apps.

As we hinted here, our specialists wanted to weigh in on how OAG is at its best when paired with the features that make up the Okta platform. In other words, we’re giving you the Secret Sauce! This month, Senior Curriculum Developer Dave Silvestro takes on the recipe of OAG and HealthInsight for an improved security posture for on-premises web apps.


In this post, I’ll show you how you can combine OAG with Okta HealthInsight to proactively audit and improve the security posture for on-premises web applications.

PS: For context, Okta Access Gateway (OAG) is a solution for securing access to on-premises web apps in a hybrid IT environment using Okta SSO and Adaptive MFA. If you want to learn the basics about OAG before diving in, click here.

The Challenge: Implementing modern security best practices on traditional on-premises web apps

As organizations evolve, they adopt new technologies and strategies to innovate and better meet the needs of their workforce and customers. Some of these changes (enabling remote work, creating a digital business, adopting cloud software and infrastructure, etc.) can deeply transform the organization's attack surface, introducing new risks and requiring new security controls from the IT team. Adjusting security controls to your environment takes time, especially for on-prem apps, which are often treated as an afterthought.

Ideally, organizations would have a fast and easy way to understand, review, and apply security best practices for all applications (including on-prem!). And, as new security features and best practices are released, they should easily keep up with innovations, while also having the ability to rapidly strengthen their security posture.

The Solution: Use OAG with Okta HealthInsight for best practice security improvements

Thankfully, Okta has a solution for this challenge: Okta HealthInsight.

Okta HealthInsight is a feature available to all Okta customers, free of charge, that provides a live audit of your Okta tenant, with recommendations based on Okta and industry best practices. HealthInsight covers every app integrated with Okta, and that, of course, includes the on-prem web apps secured with OAG.

The main benefit of using HealthInsight with the Okta Identity Platform and OAG is that you can consistently apply security best practices for all applications—regardless of where they are hosted—on-prem or in the cloud. Even better, the HealthInsight audit is live, giving you a real-time snapshot of your security posture and helping to detect security configuration drift.

What does it look like?

Okta HealthInsight is available from the Okta Admin Console under the Dashboard menu:

[Screenshot: Okta HealthInsight]

The HealthInsight screen shows you a list of recommendations for strengthening your Okta and application access security, alongside a score that updates each time you apply a best practice:

[Screenshot: HealthInsight page and score]

The best practices cover many areas, ranging from admin access to Okta itself to app-specific settings. Here are a few examples of recommendations that will improve your on-prem app access security:

  • Limit the number of super admins who can change app configuration
  • Reduce the session lifetime on all sign-on policies
  • Require strong MFA factors for user authentication
  • Enable notifications for sign-ons from new or unknown devices
  • Enable suspicious activity reporting by end users
  • Enable Okta ThreatInsight to block requests from malicious IPs

The HealthInsight audit and recommendations can be pulled at any time. Review the audit regularly to check whether a change in your configuration, such as the addition of a new OAG app or a newly published Okta best practice, has changed your score. Then apply any new recommendations to keep your security posture up to date.
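To make the "regularly check for drift" habit concrete, here is an added example (not Okta's HealthInsight code, and not part of the original post) that scores a tenant snapshot against the six recommendations listed above and reports which checks regressed between two snapshots. The field names follow the Okta Management API objects these checks would normally be read from (sign-on policy rules with `actions.signon.session.maxSessionLifetimeMinutes`, org factor objects with `factorType` and `status`, the ThreatInsight configuration's `action`); the thresholds, the two snapshots and the boolean org-setting keys are constructed for illustration.

```python
"""Posture audit and drift check for an Okta tenant snapshot (added example,
not Okta's HealthInsight implementation; thresholds and data are assumptions)."""
from dataclasses import dataclass

# Assumed thresholds for illustration; tune to your own risk appetite.
MAX_SUPER_ADMINS = 3
MAX_SESSION_MINUTES = 12 * 60            # 12 hours
WEAK_FACTOR_TYPES = {"sms", "call", "email", "question"}
STRONG_FACTOR_TYPES = {"push", "webauthn", "token:software:totp", "token:hardware"}


@dataclass(frozen=True)
class Finding:
    check: str
    ok: bool
    detail: str


def check_super_admins(snapshot) -> Finding:
    n = len(snapshot["super_admins"])
    return Finding("super_admins", n <= MAX_SUPER_ADMINS,
                   f"{n} SUPER_ADMIN assignments (limit {MAX_SUPER_ADMINS})")


def check_session_lifetime(snapshot) -> Finding:
    # A rule with maxSessionLifetimeMinutes == 0 is treated as "no limit"
    # (assumption) and therefore always fails the check.
    bad = []
    for policy in snapshot["sign_on_policies"]:
        for rule in policy["rules"]:
            minutes = rule["actions"]["signon"]["session"]["maxSessionLifetimeMinutes"]
            if minutes == 0 or minutes > MAX_SESSION_MINUTES:
                bad.append(f"{policy['name']}/{rule['name']}={minutes}")
    return Finding("session_lifetime", not bad, "; ".join(bad) or "all rules within limit")


def check_mfa(snapshot) -> Finding:
    # Every sign-on rule must require a factor, at least one strong factor
    # must be active, and no weak factor may remain active.
    no_mfa = [f"{p['name']}/{r['name']}" for p in snapshot["sign_on_policies"]
              for r in p["rules"] if not r["actions"]["signon"]["requireFactor"]]
    active = {f["factorType"] for f in snapshot["factors"] if f["status"] == "ACTIVE"}
    weak, strong = sorted(active & WEAK_FACTOR_TYPES), sorted(active & STRONG_FACTOR_TYPES)
    ok = not no_mfa and bool(strong) and not weak
    return Finding("strong_mfa", ok, f"rules without MFA={no_mfa}, strong={strong}, weak={weak}")


def check_flag(snapshot, key, check) -> Finding:
    return Finding(check, bool(snapshot[key]), f"{key}={snapshot[key]}")


def check_threat_insight(snapshot) -> Finding:
    # ThreatInsight action is none | audit | block; only "block" stops traffic.
    action = snapshot["threat_insight"]["action"]
    return Finding("threat_insight_block", action == "block", f"action={action}")


def audit(snapshot) -> list:
    return [
        check_super_admins(snapshot),
        check_session_lifetime(snapshot),
        check_mfa(snapshot),
        check_flag(snapshot, "new_device_notification", "new_device_notification"),
        check_flag(snapshot, "report_suspicious_activity", "suspicious_activity_reporting"),
        check_threat_insight(snapshot),
    ]


def score(findings) -> int:
    """Percentage of checks passed, the analogue of the HealthInsight score."""
    return round(100 * sum(f.ok for f in findings) / len(findings))


def drift(baseline, current) -> list:
    """Checks that passed in the baseline snapshot but fail in the current one."""
    before = {f.check: f.ok for f in audit(baseline)}
    return [f.check for f in audit(current) if before.get(f.check) and not f.ok]


# Constructed snapshots: a clean baseline, then the same tenant after someone
# onboarded a legacy OAG app with a lax rule and handed out a fourth super admin.
BASELINE = {
    "super_admins": ["alice@example.com", "bob@example.com"],
    "sign_on_policies": [{"name": "OAG - Intranet", "rules": [{"name": "Require MFA",
        "actions": {"signon": {"requireFactor": True,
                               "session": {"maxSessionLifetimeMinutes": 480}}}}]}],
    "factors": [{"factorType": "push", "status": "ACTIVE"},
                {"factorType": "webauthn", "status": "ACTIVE"},
                {"factorType": "sms", "status": "INACTIVE"}],
    "new_device_notification": True,
    "report_suspicious_activity": True,
    "threat_insight": {"action": "block"},
}
DRIFTED = {
    **BASELINE,
    "super_admins": BASELINE["super_admins"] + ["carol@example.com", "dan@example.com"],
    "sign_on_policies": BASELINE["sign_on_policies"] + [{"name": "OAG - Legacy HR",
        "rules": [{"name": "Allow", "actions": {"signon": {"requireFactor": False,
                   "session": {"maxSessionLifetimeMinutes": 0}}}}]}],
}

if __name__ == "__main__":
    for snap, label in ((BASELINE, "baseline"), (DRIFTED, "drifted")):
        print(f"{label}: score {score(audit(snap))}%")
        for f in audit(snap):
            print(f"  [{'ok' if f.ok else 'FAIL'}] {f.check}: {f.detail}")
    print("regressed since baseline:", drift(BASELINE, DRIFTED))
```

Running it prints a 100% score for the baseline, 50% for the drifted tenant, and lists `super_admins`, `session_lifetime` and `strong_mfa` as the checks that regressed, which is exactly the signal you want from a scheduled posture review after a new OAG app lands. In a real deployment the snapshot would be assembled from the Okta Management API rather than literals, and the drift list would feed a ticket or alert.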

Having on-premises applications doesn’t mean you have to compromise on security. By combining Okta Access Gateway with Okta HealthInsight, you can keep up with the ongoing task of proactively auditing and improving the security posture of your on-prem apps.

If you want to learn more about the secret features of Okta Access Gateway, check out our previous posts right here.