Okta + Shape Security: Taking on Automated Login Attacks, Account Takeover and Fraud

Every website or mobile app with a login form is a potential target for account takeover attacks. An “account takeover” is the process by which hackers and fraudsters use ill-gotten credentials to gain access to legitimate customers’ accounts.

Most of these attacks are automated and driven by malicious bots. The rise of bots is mirrored by the growth of third-party credential data breaches and poor user behaviour around passwords. Combining bots with credential data breaches gives attackers the efficiency and scale to target your platform. Using the stolen user credentials, they mobilise bots to take over legitimate accounts. According to a recent study, bot-driven attacks can account for up to 99 percent of a website’s login traffic.

Today, Okta, the leader in customer identity and access management, is pleased to announce a partnership with Shape Security, a leading solution in automated attack detection. Specifically, Shape takes on the bad bots. Through this partnership, joint customers can leverage Okta and Shape’s solutions to offer layered security to help prevent account takeover.

Okta’s Identity solution works with Shape Security’s Enterprise Defense to detect and deflect automated attacks before they reach your websites, mobile applications, and/or APIs. The alliance provides organisations with a multi-layered approach to mitigate bot-driven account takeover attacks.

How? Informed by machine learning, Shape Security software seamlessly assesses incoming login traffic before the login occurs. Simultaneously, Okta’s identity platform uses robust Adaptive Multi-factor Authentication (AMFA) to bolster authentication and ensure that only the intended user gains access to your service. The combination proactively mitigates the risk of credential stuffing and automated fake account creation, keeping assets safe and reducing the hours customer support spends on remediation.

Implementation is simple. For joint customers, Shape Security’s enterprise defence solution is deployed in-line with login traffic, in front of Okta’s authentication platform. This deployment model enables Shape’s solution to collect specific types of login traffic and decide in real time whether each login attempt should proceed, be monitored, or be blocked immediately.

There are two options to co-deploy Shape Security with Okta: domain-based or URL-based.

In the domain-based deployment model, an administrator changes the DNS name from the Okta domain name (e.g., company.okta.com) to a specified Shape platform domain name.

In the URL-based deployment method, a CDN is configured to route the protected login traffic through Shape’s security solution. This filtered traffic is then either blocked or passed to the Okta platform with minimal disruption to your architecture.

Our leaders at Okta and Shape Security share similar goals and are very excited about this industry-defining partnership. Here are a few thoughts in their own words:

Sumit Agarwal, co-founder and chief operating officer for Shape Security: Security should never compromise convenience, which is why both Shape and Okta are hyper-focused on creating products that provide invisible layers of protection that do not interfere with the user experience. This partnership is the epitome of that shared vision. Not only will this integration provide our joint customers with an extra layer of security before the login process, they will also have a highly secure, flexible and easy-to-manage sign-in infrastructure with the Okta identity platform.

Chuck Fontana, Vice President of Integrations and Strategic Partnerships for Okta: In today’s threat environment, all organisations need to make sure that only the right people have the right access to the right resources, a goal that Okta and Shape Security can help bring to fruition. By leveraging Okta Adaptive Multi-Factor Authentication’s strength in securely connecting an organisation’s customers to data and applications, combined with Shape’s ability to effectively detect and prevent account takeovers or fake registrations, customers can add an additional line of defence while still ensuring a frictionless user experience.

Keen to learn more? Our Okta + Shape Security partner page has all the information you need. Stay tuned for more informative blog posts, plus an upcoming joint webinar where product experts from Okta and Shape Security answer your most pressing questions. Check out what’s possible!