HUMAN is a cybersecurity company that protects enterprises from bot attacks to keep digital experiences human. Its Human Verification Engine protects applications, APIs, and digital media from bot attacks, preventing losses and improving the digital experience for real humans. Powered by the Human Verification Engine, HUMAN’s Application Integrity service detects and mitigates sophisticated bot activities, including Account Takeover, New Account Fraud, Payment Fraud and Content & Experience Abuse, to lower fraud loss and preserve customer trust and user experience.
Okta allies with HUMAN’s Application Integrity service to provide Continuous Authentication, detecting and preventing sophisticated bots and automated attacks from abusing the features of your web and mobile app landscapes. The Application Integrity service is powered by HUMAN’s unparalleled Technical Evidence: HUMAN’s unique ability to collect more than 2,500 device, network and user signals. Technical Evidence is gathered pre- and post-login as users use your apps. More than 300 decisioning algorithms are continuously applied to the collected Technical Evidence to deliver contextual risk assessment insights to Okta. Risk assessments are passed to the Okta platform in real time, allowing Okta to challenge, deny or grant individual access based on your organization’s configurable response policy.
- Web and mobile application layer threats are persistent, varied and increasingly sophisticated.
- Increased security methods including CAPTCHA and MFA introduce unwanted user friction.
- Siloed systems make it difficult to determine the risk levels associated with individual user accounts and offer no ability to achieve a coordinated response.
- Binary “block or allow” decisioning logic lacks context.
- Long-lived authorization tokens result in a stale security posture.
- Customers are adopting a CARTA-like framework for securing their customers. They want to assess user, device, network and application actions throughout a continuous user journey.
The Solution: A Best-of-breed architecture for continuous authentication with HUMAN and Okta
HUMAN’s Application Integrity service passes continuous pre-login and in-session risk assessment signals, informed by HUMAN’s multilayered detection technology, to Okta. Okta can then take action based on contextual policies that take the delivered HUMAN risk insights into account. Adaptive risk intelligence assesses users continuously yet invisibly throughout the Okta (IdP) and Service Provider (SP) ecosystem. The combination continuously mitigates the risk of Account Takeover, New Account Fraud, Transaction Fraud, and Content & Experience Abuse, reducing security and fraud risk while preserving a frictionless and enjoyable digital experience for your end-users.
- Continuous and comprehensive protection spanning Pre & Post Login across Web & Mobile
- Frictionless protection that’s invisible to End-Users
- High-Fidelity detection leveraging 2,500+ Signals, 300+ Detection Algorithms
- Human powered by global threat intel experts serving as your trusted advisors
HUMAN’s Application Integrity product supports integration using the Risk EcoSystem API capability. Mutual customers who leverage Okta’s Adaptive MFA and HUMAN Application Integrity can ingest IP-based risk signals sent from HUMAN in Okta's risk-based authentication experience.
This capability enables IP-based security correlation to better block suspicious IPs that might be associated with the likelihood of account takeover attacks.
Add this integration to enable authentication and provisioning capabilities.
- Event Hooks
- Inbound Federation
- Outbound Federation
- SAML: Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP) that does not require credentials to be passed to the service provider.
- Workflow Templates
- Workflows Connectors
- SWA: Secure Web Authentication is a Single Sign On (SSO) system developed by Okta to provide SSO for apps that don't support proprietary federated sign-on methods, SAML or OIDC.
- OIDC: OpenID Connect is an extension to the OAuth standard that provides for exchanging authentication data between an identity provider (IdP) and a service provider (SP) and does not require credentials to be passed from the identity provider to the application.
- Create: Creates or links a user in the application when assigning the app to a user in Okta.
- Update: Okta updates a user's attributes in the app when the app is assigned. Future attribute changes made to the Okta user profile will automatically overwrite the corresponding attribute value in the app.
- Deactivate: Deactivates a user's account in the app when it is unassigned in Okta or their Okta account is deactivated. Accounts can be reactivated if the app is reassigned to a user in Okta.
- Attribute Sourcing: The application can be defined as the source of truth for a full user profile or as the source of truth for specific attributes on a user profile.
- Sync Password: Push either the user's Okta password or a randomly generated password to the app. This feature is not required for all federated applications, as user authentication takes place in Okta; however, some apps still require a password.
- Group Push: Push existing Okta groups and their memberships to the application. Groups can then be managed in Okta and changes are reflected in the application.
- Group Linking: Link Okta groups to existing groups in the application. Simplifies onboarding an app for Okta provisioning where the app already has groups configured.
- Schema Discovery: Import the user attribute schema from the application and reflect it in the Okta app user profile. Allows Okta to use custom attributes you have configured in the application that were not included in the basic app schema.
- Attribute Writeback: When the application is used as a profile master, it is possible to define specific attributes to be sourced from another location and written back to the app. For example, the user profile may come from Active Directory with the phone number sourced from another app and written back to Active Directory.