Preventing Credential-Based Attacks with Okta and Palo Alto Networks
Leverage best-in-class products for IDaaS and Enterprise Network Firewalls with Okta and Palo Alto Networks.
With the explosion of cloud apps and SaaS, the center of gravity of identity management is increasingly moving to the cloud as well. But even with this growth, a significant portion of many companies’ operations still remain behind the firewall. A complete IDaaS solution is needed that can integrate and unify these two worlds to improve administration and boost end-user production.
Once Palo Alto Networks Next Generation Firewall is configured with Okta, end-users can seamlessly authenticate to Palo Alto Networks’ GlobalProtect, Captive Portal, SSL VPN and administrative UI modules and access sensitive data and applications behind the firewall. Network admins are still able to maintain the security policies for resources behind the firewall through Palo Alto Networks.
In addition, Palo Alto Networks’ integration with Okta’s Adaptive MFA not only provides an additional layer of protection for Palo Alto Networks’ customers and their most sensitive data, but maintains a simple user experience. Okta’s Adaptive MFA is triggered when an end-user attempts to access secure resources that match a Palo Alto Networks authentication policy rule which requires an additional factor.
Tight Integration with Okta MFA for Increased Security
In addition to a traditional RADIUS integration, Palo Alto Networks will be using Okta’s MFA API for this integration. This has several benefits. First, customers no longer need to manage a RADIUS server just for MFA if they choose, immediately reducing IT costs and resources. Second, the tighter, centralized integration means more advanced MFA policies for better fine-grained access. Finally, Palo Alto Network customers can now take advantage of all enhance MFA features from Okta including a soft token through a mobile device (iOS, Android or Windows Phone), hard tokens like Yubikey, SMS, or voice as factors and be can be confident that all future MFA technology will be seamlessly adopted.
Secure Access to Resources from Outside the Firewall
Enterprises typically use Okta for the 5000+ integrations pre-built into the Okta Application Network. Okta also has full support for federation protocols for additional applications that support federation standards. Applications in the cloud with any kind of login form can, additionally, be easily added to Okta.
When applications are behind the firewall, authentication is not enough. Users must gain network access to the application. With Palo Alto Network integrated to Okta, end-users can authenticate once into Okta and seamlessly get access to resources behind Palo Alto Network Palo Alto Networks’ GlobalProtect, Captive Portal, SSL VPN, and administrative UI modules.