Tecnics
Overview
Cloud transformation can be slowed by the ongoing threat of data breaches: Keeping enterprises safe has traditionally meant imposing odious security measures that can slow the pace of innovation and hurt workforce productivity. To combat these threats while supporting transformation, organizations need to do everything in their power to reduce the attack surface and prevent breaches due to weak passwords, stolen hardware, and other threats. Tecnics + Okta work together to give enterprises an extra layer of multifactor authentication, providing security for laptops and desktops that could potentially be compromised, and to provide self-service password recovery that’s secure and straightforward. The joint solution helps keep organizations more secure at every level without negatively impacting worker productivity.
Resources
The Challenge
- In the absence of multifactor authentication (MFA), lost or stolen laptops can expose organizations to the possibility of data breach
- Senior managers with access to sensitive company data are at heightened risk of credential theft, including keyloggers and device theft
- Help desks can be inundated with requests to reset user passwords, making password recovery an ongoing time- and resource-intensive task for IT
- End users lose time and productivity waiting for passwords to be reset, impacting morale and hurting the company’s bottom line
The Solution
Tecnics + Okta work together to provide Desktop/Laptop MFA and secure Self-Service Password Reset to the workforce, reducing companies’ attack surface area
Tecnics TecMFA extends Okta Multi-Factor Authentication (MFA) and policy framework to desktops and laptops running Windows
Tecnics TecSSPR uses Okta’s strong identity controls to power an intuitive process for users to securely reset their passwords without having to engage IT
Securely extend strong MFA protection to Windows desktops and laptops
TecMFA (Multi-Factor Authentication) extends Okta’s MFA protection to Windows desktops and laptops. During the login process on a device running Windows, users are authenticated with MFA factors configured in Okta, including something they know (e.g., their password) and something they have (e.g., a Yubikey or HyperSecu device, or an instance of Okta Verify on a registered mobile device). Once authenticated, users get Single Sign-On (SSO) access to the apps and information they need. Okta + Tecnics work together to add an extra layer of security for workstations and laptops, supporting MFA in both online and offline modes. The integration gives Windows users a secure, frictionless experience, while adding a layer of strong security for the organization that mitigates the effects of device theft or misuse as well as common credential theft methods like keyloggers and tools capable of harvesting plain text passwords.
Enable password self-service reset, freeing up IT for more strategic tasks
TecSSPR (Self-Service Password Reset), allows desktop and laptop users to reset their own passwords, right from the of Windows or MacOS login screen, after completing a second factor authentication configured in Okta. Instead of reaching out the help desk and waiting for a response, users can recover or reset their password themselves. Supporting Okta Verify, Yubikey, and other factors configured in Okta for recovery, the solution provides a quick and frictionless user experience, savies IT time and effort, and keeps the enterprise secure. With Okta + Tecnics TecSSPR working together, users can quickly get back to work and IT staffers are freed up to focus on more strategic tasks.
Enhance security and user productivity with Tecnics + Okta
- Strengthen security by extending policy-driven MFA protection to your workforce’s desktops and laptops
- Reduce the number of help desk calls by adding secure self-service password recovery, freeing IT department from manually servicing password resets
- Give your workforce smooth and seamless experiences that safely permit self-service that gets them quickly to the resources they need, keeping them productive
Capabilities
Access
- OIDC OpenID Connect is an extension to the OAuth standard that provides for exchanging Authentication data between an identity provider (IdP) and a service provider (SP) and does not require credentials to be passed from the Identity Provider to the application.
- WS-Federation
- SAML Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP) that does not require credentials to be passed to the service provider.
- SWA Secure Web Authentication is a Single Sign On (SSO) system developed by Okta to provide SSO for apps that don't support proprietary federated sign-on methods, SAML or OIDC.
Provisioning
- Attribute Sourcing
- Create Creates or links a user in the application when assigning the app to a user in Okta.
- Update Okta updates a user's attributes in the app when the app is assigned. Future attribute changes made to the Okta user profile will automatically overwrite the corresponding attribute value in the app.
- Deactivate Deactivates a user's account in the app when it is unassigned in Okta or their Okta account is deactivated. Accounts can be reactivated if the app is reassigned to a user in Okta.
- Sync Password Push either the users Okta password or a randomly generated password to the app. This feature is not required for all federated applications as user authentication takes place in Okta, however some apps still require a password.
- Group Push Push existing Okta groups and their memberships to the application. Groups can then be managed in Okta and changes are reflected in the application.
- Group Linking Link Okta groups to existing groups in the application. Simplifies onboarding an app for Okta provisioning where the app already has groups configured.
- Schema Discovery Import the user attribute schema from the application and reflect it in the Okta app user profile. Allows Okta to use custom attributes you have configured in the application that were not included in the basic app schema.
- Attribute Mastering The application can be defined as the source of truth for a full user profile or as the source of truth for specific attributes on a user profile.
- Attribute Writeback When the application is used as a profile master it is possible to define specific attributes to be sourced from another location and written back to the app. For example the user profile may come from Active Directory with phone number sourced from another app and written back to Active Directory.