Okta Advanced Server Access

Transcript

Let's quickly walk through how it works, which we'll see in action with the demo. So first, users will install a native client application on their workstations, which will allow them to interact with their local SSH and RDP tools and communicate with our platform. Servers that are enrolled with Okta run a lightweight agent that manages the local user and group accounts and then captures all of the login events. Every request is independently authenticated and authorized against the respective sign-in policies and role-based access controls associated with the servers. And only when access is granted is a certificate minted through a built-in certificate authority. Each certificate is short-lived and tightly scoped to the user, the device, and the project that the server belongs to, and they expire in three minutes, which allows them to only be used within that scope once.

That certificate is delivered to the client application and is used to initiate a secure session via SSH or RDP. And then that agent that's on the machine is going to capture that login event and deliver it back to the platform for auditing purposes. All of this is extremely seamless and elegant in practice, so let's see it live.

I'm going to show first the end user experience and then we will talk about the administrator experience, but as an end user I would just have my client application installed, as we mentioned. At the beginning of my workday, I'm just going to log in to Advanced Server Access. This is first going to check if I have an authenticated Okta session. I don't, which means I now have to send a push and authenticate with Okta. That was me just getting my multifactor authentication notification. And I'll approve that and send it back.

This means I'm authenticated with Okta, but we're going to take it one step further, because we're taking that authenticated Okta session and we're binding it to this machine that's running the client application. When we talk about zero trust, we talk about user plus a device. So this combination gives us a strongly authentica
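The request, mint, verify and audit flow described in the walkthrough, modelled as an added Python example (this is not Okta's code and not a real Advanced Server Access API): a hypothetical CA mints a three-minute certificate scoped to user, device and project only after a role check passes, and a hypothetical server agent verifies signature, expiry and scope before recording the login event. The HMAC key, the role table and all names are constructed stand-ins for the real CA signing key and policy.

```python
import hashlib
import hmac
import json

CERT_TTL_SECONDS = 180  # three-minute certificate lifetime, as in the transcript

# Constructed role-based access control: which projects each user may reach.
ROLE_GRANTS = {"alice": {"prod-web"}, "bob": {"staging"}}


class CertificateAuthority:
    """Hypothetical built-in CA: mints a short-lived cert scoped to user, device, project."""
    def __init__(self, signing_key: bytes):
        self._key = signing_key  # an HMAC key stands in for the CA's private signing key

    def request_access(self, user, device, project, now):
        # Authorization against the role grants happens before anything is minted.
        if project not in ROLE_GRANTS.get(user, set()):
            return None
        claims = {"user": user, "device": device, "project": project,
                  "issued_at": now, "expires_at": now + CERT_TTL_SECONDS}
        payload = json.dumps(claims, sort_keys=True).encode()
        return {"payload": payload,
                "sig": hmac.new(self._key, payload, hashlib.sha256).hexdigest()}


class ServerAgent:
    """Hypothetical server-side agent: validates the certificate and logs the login event."""
    def __init__(self, ca_key: bytes, project: str):
        self._ca_key, self.project, self.audit_log = ca_key, project, []

    def login(self, cert, presented_device, now):
        outcome, user = self._check(cert, presented_device, now)
        # Every attempt, accepted or not, is captured for auditing.
        self.audit_log.append({"user": user, "device": presented_device,
                               "outcome": outcome, "at": now})
        return outcome == "accepted"

    def _check(self, cert, presented_device, now):
        if cert is None:
            return "rejected: no certificate", None
        expected = hmac.new(self._ca_key, cert["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cert["sig"]):
            return "rejected: bad signature", None
        claims = json.loads(cert["payload"])
        if now >= claims["expires_at"]:
            return "rejected: expired", claims["user"]
        if claims["project"] != self.project:
            return "rejected: wrong project", claims["user"]
        if claims["device"] != presented_device:
            return "rejected: device mismatch", claims["user"]
        return "accepted", claims["user"]
```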