Last updated: Mar 29, 2021

Integration detail

Beyond Identity

Overview

Relying on a password to authenticate into your Okta applications puts your workforce’s accounts and company data at risk for account takeovers and data loss. It’s difficult to reduce the risk that occurs from insecure passwords, however, without adding significant user friction to the login experience

 

Passwordless authentication and risk-based access control for your desktop and single sign-on applications

 

The risks of passwords

Relying on a password to authenticate into your Okta applications puts your workforce’s accounts and company data at risk for account takeovers and data loss. It’s difficult to reduce the risk that occurs from insecure passwords, however, without adding significant user friction to the login experience. 

How we authenticate users is changing
For the first time ever, your workforce can use proven, tested asymmetric keys and X.509 certificate-based authentication on every endpoint device without any key or certificate management, improving time to value and reducing IT workload. Unlike other friction-filled solutions, your workforce can self-enroll and download the Beyond Identity authenticator on every device to login to web-based and native applications without passwords, one-time codes, or needing to pick up a 2nd device every time they login. It’s a new type of authenticator that provides the device’s security posture at the exact time of login to make risk-based access decisions so only authorized users with devices that fit the company's risk policy can gain access.

Ease of passwordless integration and roll out

Beyond Identity’s passwordless identity platform is a cloud-native solution that can be easily integrated with Okta as a delegate identity provider (IDP). It requires only a few minor, code-free configuration changes in Okta. Beyond Identity employs standard OpenID Connect (OIDC) and SAML flows and SCIM for automated provisioning. Once provisioned, users can self enroll by downloading the authenticator and activating their credentials through email or their single sign-on end user portal.

How it works

When users request access to single sign on enabled applications, the application delegates to Okta and Okta subsequently delegates authentication responsibilities to Beyond Identity.

 

Okta and Beyond Identity

Functionality

Add this integration to enable authentication and provisioning capabilities.

Provisioning


Documentation

Here is a section all about documentation, integration, and implementation.

  • More information about Okta + Beyond Identity

    Read it

Okta Verified
Okta Verified
The integration was either created by Okta or by Okta community users and then tested and verified by Okta.

Languages Supported

English

Functionality