Introducing Okta’s New Risk Ecosystem API: A Fraud Fighting Toolset to Secure Authentication and Delight Customers

Organisations across every industry are expanding their technology initiatives to adapt to customer needs in a digital-first world. In today’s competitive economy, customers expect secure, seamless experiences that bridge the physical and digital divide. Thus, it’s imperative to delight customers with frictionless omni-channel touchpoints that don’t compromise their security, and this need is only heightened as cyber threats and attacks become increasingly common in the digital world. 

Today at Oktane21, we’re excited to share how we’re creating a balance between security and seamless customer experiences with Okta’s new Risk Ecosystem API. The Risk Ecosystem API unlocks the power of the Okta Integration Network to share risk signals from an organisation’s security stack to its identity layer. Sharing these risk signals enables organisations to enhance security efficacy against targeted identity attacks and start their journey towards continuous authentication. It also elevates customer experiences by gathering telemetry without user input and removing access friction for good users. Organisations that leverage both Okta and our technology partners across bot detection and web application firewalls (WAF) can use the Risk Ecosystem API to unite risk signals with access decisions and seamlessly secure digital experiences. 

Security and customer experience are at odds

As customer interactions increasingly become digital, the range of attack vectors for fraud is significantly high, and threat actors have a wider attack surface to target customers. At the same time, customers are averse to clunky security measures and expect seamless omni-channel experiences. To maximise security while minimising friction, organisations need a best-of-breed approach to centralise risk signals and make informed access decisions. 

Invisible security is the solution

Powered by the Okta Integration Network, Okta’s Risk Ecosystem API enhances Okta’s built-in risk scoring system by ingesting external risk signals from new third-party solutions, including bot detection and web application firewall providers Fastly, HUMAN, F5 Networks, and PerimeterX. These signals work invisibly in the background to assess risk without compromising user experiences.

"Fastly provides unmatched visibility and protection against bots and account takeovers for some of the world’s largest brands,” said Sean Leach, Chief Product Architect at Fastly. "We're thrilled to closely partner with Okta to share risk signals and provide a holistic view of fraud for joint customers. Improving the customer experience while offering seamless protection from unforeseen risks is tantamount to effective and secure digital acceleration. Together, we can help prevent attacks and meet the needs of modern teams."

Risk Ecosystem

Enhance security efficacy with enriched risk signals

Okta’s Risk Ecosystem API ingests a set of new third-party risk signals to more accurately block fraudsters and augments Okta’s existing identity-centric signals based around user-specific device, location, network, application, and more. Working together, Okta and third-party signals can analyse and orchestrate risk-based access using the authentication layer, then either step-up, reduce friction, or block users. For example, Fastly can detect malicious IP addresses from threat actors leveraging botnets and flag them to Okta. Using this external risk signal, Okta can then act on the suspicious traffic and require additional authentication to access the application.

By combining risk signals from third parties with our own identity-centric risk signals and existing fraud and risk partnerships, we’re enabling organisations to make the most of their security stack investments. This best-of-breed approach ultimately enhances security efficacy by removing security blind spots from disjointed fraud and risk solutions. 

Build customer trust with seamless digital experiences

While Okta’s Risk Ecosystem API works silently in the background to protect customers and build trust, they can enjoy a seamless digital experience across all of their devices. For example, if the Risk Ecosystem API detects positive, low-risk signals for good users, then it can remove additional access friction like multi-factor authentication. Elevating customer experiences is especially important across digital commerce, where the ability to offer a single-click checkout experience relies on having a 360-degree view of the customer and their security profile. 

Protect your workforce alongside your customers

The need for secure, seamless experiences extends beyond customers and to the workforce. By providing a unified layer of signals across an organisation’s security stack, Okta’s Risk Ecosystem API protects workers against threat actors with minimal impact on their user experience. For example, Okta and Box Shield will continuously share threat signals to strengthen risk posture during an employee’s session. Okta can then terminate any compromised sessions across all supported SaaS applications.

Get started

Ingesting third-party risk signals in Okta’s Risk Ecosystem API is now available in Early Access and accessible via Adaptive Multi-Factor Authentication.

For more information, tune in to our Oktane21 Day 2 Product Roundtable and Demos, check out our developer documentation, or contact us with questions.