Keeping data secure is easy. Keeping data secure, while still ensuring that it is usable, can be much harder. In this talk, we'll discuss some of the tradeoffs developers and systems architects need to consider in deciding how to handle their data and describe some of the ways that things can go wrong if appropriate considerations are not taken.
What's New With OAuth and OIDC?
Aaron Parecki, Senior Security Architect, OAuth
In this talk you'll learn about the latest developments with the OAuth and OIDC specs directly from the standards group. The latest additions to the specs enable richer experiences and better security for applications using OAuth.
Best Practices for Okta Developers
Jennifer Galvin, Partner Field Enablement, East, Okta
Are you developing (or will you be developing) web applications using Okta? Can you access all the applications that support your CI pipeline securely (including the infrastructure)? In this talk, you'll learn all the secrets, best practices, and things you should know to help you build secure and performant web apps, mobile apps, and API services using Okta, and ensure your whole team can get started accessing your CI pipeline right away!
Authentication UX Anti-Patterns
Kelley Robinson, Developer Evangelist, Twilio
From unpastable password fields to clunky 2FA setup, your site's user experience is an opportunity to delight (or frustrate) your customers. There are a lot of design choices from onboarding to account recovery; this talk will look at best practices for implementing seamless user onboarding UX, operating multiple 2FA channels at scale, and supporting your customers through it all.
You'll leave the session with a framework to determine the right level of authentication friction, incentivise user opt-in to 2FA, and decrease support tickets. Finally, we'll discuss how and why to delight your most security-conscious customers while catering to the common denominator.
Security Patterns for Microservice Architectures
Matt Raible, Open Source Developer, Okta
Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This talk will examine well-known and often-used security patterns in the world of microservices.
How Web Authentication Works
Sara Daqiq, Developer, Okta
Curious how web authentication actually works? In this talk you'll learn exactly what happens behind the scenes when a user logs into a website. Along the way, you'll learn about TLS, password hashing, OpenID Connect, OAuth 2, JSON Web Tokens, and more.
DevOps and Security - Best Frenemies
Rocco Muscaritolo, Staff Site Reliability Engineer, Okta
Help take the fear and uncertainty out of your DevOps pipelines. In this talk you'll learn how to standardise and automate your infrastructure with an infrastructure-as-code strategy by utilising tools like Terraform, Cloud Configuration, and Serverless. You'll also learn how to add security scanning and permissions inspection to your CI pipeline to make your IT security team smile.
A Developer’s Guide to Docker
Lee Brandt, Senior Developer Advocate, Okta
It works on my machine. We’ve all heard it. Most of us have said it. It’s been impossible to get around it… until now. Not only can Docker-ising your development environment solve that issue, but it can make it drop-dead simple to onboard new developers, keep a team working forward, and allow everyone on the team to use their desired tools!
I will show you how to get Docker set up to use as the run environment for your software projects, how to maintain the Docker environment, and even how easy it will be to deploy the whole environment to production, so that you are actually developing in an environment that isn’t just “like” production. It IS the production environment!
You will learn the basics of Docker and how to use it to develop.
AWS & Okta: A Year Later - New and Improved Best Practices for Identity Management and Security
Scott Ward, Principal Solutions Architect, Amazon Web Services (AWS)
At Oktane 2019 we highlighted ways to ensure that your identity strategy on AWS was strong and that you kept up with emerging AWS trends. In the last year the AWS & Okta story has grown much stronger through new features and services launched by AWS, which are squarely focused on improving how customers integrate their identity providers with AWS. Join us as we talk through some of the latest approaches for integrating Okta with your AWS accounts. This session will include details on how you can best align your Okta identity strategy with current AWS design patterns and how AWS is enabling customers to utilise Okta for operational best practices against their AWS environments.