Manage access based on context
Azure AD Premium has a feature called EMS Conditional Access that enables an administrator to configure access based on a number of conditions. Okta’s own Contextual Access Management provides a high degree of security, visibility, and control over application access, while enabling organizations to continue to use the free Azure AD license.
Okta Contextual Access Management reduces risk by managing how users and devices gain access to corporate resources. Through a combination of Adaptive Multi-Factor Authentication and Device Trust enrollment policies, Okta ensures only approved users and devices can access corporate-owned applications and data. With Okta, organizations can enforce granular access control to thousands of applications, and for the most commonly used devices.
Okta Adaptive Multi-Factor Authentication
Adaptive MFA lets an administrator choose whether to allow access, require step-up authentication, deny access, or restrict the scope of a user’s access to certain applications. These decisions are based not just on passwords, security questions, and tokens, but on who the user is, what network or country they are connecting from, and what device they are using.
Okta Device Trust
Okta has created a simple yet powerful solution called Device Trust that prevents unmanaged devices from accessing applications integrated with Okta and Azure Active Directory. Okta can check whether a Windows device is joined to a Windows domain and, where policy requires it, deny access to unmanaged devices. It can also require an unmanaged Mac or iOS device to enroll in Intune or a third-party mobile device management solution before access is granted.
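The decision logic described in the Adaptive MFA and Device Trust sections above, as an added illustration that is not Okta's code or API: a hypothetical policy evaluator that combines who the user is, the network and country they connect from, and whether the device is managed (domain joined for Windows, MDM enrolled for Mac, iOS and Android) into an allow, step-up or deny outcome. The application entitlements and allowed countries are constructed sample inputs.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"        # grant access on the primary factor alone
    STEP_UP = "step_up"    # require an additional MFA factor first
    DENY = "deny"          # refuse the sign-in


@dataclass(frozen=True)
class AccessContext:
    user: str
    groups: frozenset          # directory groups the user belongs to
    network: str               # "corp" or "external"
    country: str               # ISO 3166-1 alpha-2 code of the client
    platform: str              # "windows", "macos", "ios" or "android"
    domain_joined: bool = False
    mdm_enrolled: bool = False


# Hypothetical policy inputs, constructed for this example only.
ALLOWED_COUNTRIES = {"US", "GB", "DE"}
APP_GROUPS = {"payroll": {"finance"}, "wiki": {"finance", "engineering"}}


def is_trusted_device(ctx: AccessContext) -> bool:
    """Device Trust: Windows must be domain joined; other platforms must be MDM enrolled."""
    if ctx.platform == "windows":
        return ctx.domain_joined
    return ctx.mdm_enrolled


def evaluate(ctx: AccessContext, app: str, deny_unmanaged: bool = True) -> Decision:
    """Return the access decision for one sign-in attempt to `app`."""
    # Scope restriction: the user must belong to a group entitled to the application.
    if not (ctx.groups & APP_GROUPS.get(app, set())):
        return Decision.DENY
    # Geographic condition: refuse sign-ins from countries outside the allow list.
    if ctx.country not in ALLOWED_COUNTRIES:
        return Decision.DENY
    # Device condition: optionally refuse unmanaged devices outright.
    if deny_unmanaged and not is_trusted_device(ctx):
        return Decision.DENY
    # Network condition: a trusted device on the corporate network passes on the
    # primary factor; every other combination must complete step-up MFA.
    if ctx.network == "corp" and is_trusted_device(ctx):
        return Decision.ALLOW
    return Decision.STEP_UP
```

Setting `deny_unmanaged=False` models the softer policy in which an unmanaged device is challenged for a second factor instead of being blocked.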
Integration with Azure AD Premium Conditional Access
Customers choosing to use Azure AD Premium Conditional Access can get complementary security using Okta as the identity provider. For example, organizations that support iOS, macOS, or Android devices can rely on Okta to send the device a multi-factor authentication challenge, and require the device to enroll in a mobile device management solution before being granted access.