Okta + ServiceNow: Extend and Customize Lifecycle Workflows

Speaker 1:  Thank you. Well, good afternoon and welcome to Okta and ServiceNow, extending and customized lifecycle workflows. Just to please note, this session is being recorded, so we are asking you to silence your cell phones and would appreciate you staying in your seats once the presentation has begun. With that, I would like to introduce ... Cannot do this two-handed ... Kyle Diedrich, who is our technical marketing manager at Okta. He has over five years of industry experience working with Enterprise Mobility, with a strong focus on identity management, application management, and business productivity. He previous worked with Air Watch, where he served as senior product manager and past experience leading the technical training and documentation team.

Kyle has a BS in computer engineering from the Georgia Institute of Technology and please join me in welcoming Kyle Diedrich.

Kyle Diedrich:  All right. Thank you. Wow, big room. This is great. Thanks everyone for coming today. My name is Kyle Diedrich. I'm here today with some amazing peers: Chris Borkenhagen from Concur, John Haberland from ServiceNow, and today what we really want to do is tell you how you can go a lot further with both Okta and ServiceNow. Without further ado, because we're talking about so much cool cutting-edge stuff, of course we're going to start with a little safe harbor slide up front. Keep in mind, a lot of this is for looking. Some of this is very exciting cutting-edge things, so don't make any purchasing decisions based off that. Now, let's take a moment, read the slide.

All right, and we're good. Once again, amazing peers. Chris Borkenhagen is the SVP head of corporate IT at Concur, John Haberland, director of strategic technology alliances, and that's me without a beard, Kyle Diedrich, senior manager technical solutions at Okta, and I really focus on the OAN, or now known as the Okta Integration Network instead. We have a jam packed session. We're going to talk about a lot of different thing in these 45 minutes. We'll start with why we think that identity and service management really work so well together, and why we think you should always use these two tools in conjunction with one another.

We'll then talk about the three core field battle tested ways you've seen Okta and ServiceNow work together to accomplish big things like we've seen at Concur, and then of course, we'll have Chris come up and tell us first hand how a customer's been success deploying a lot of this awesome tech. Then John will give us a really nice teaser about what's coming next for the Okta and ServiceNow partnership. Without further ado, I want to introduce John Haberland, ServiceNow. 

John Haberland:  Thank you. Thank you, Kyle. Am I on? Yes. Every industry is being disrupted, whether it's formed by automation, new intuitive consumer experiences, machine learning, or the explosion of connected devices. These disruptive companies are delivering products to market faster, providing a fundamentally new user experience, including more transparency into a consumer's request and transaction so the consumer knows when and how it's being fulfilled. To become a disrupter instead of being disrupted, your organization need to do the same thing; be faster to market, provide more transaction transparency to consumers, and continue improving their buying experience. To become a disrupter, your company can't be stuck in an old work model.

Here we see customer requests, IT incidents, HR cases, all following their own paths within your enterprise, moving back and forth between people, machines, and departments. These transactions have been unstructured and unimproved for years. Most work is done by emails, phone calls, and text messages. Tracking is in Excel spreadsheets, stored on local hard drives, being emailed around, or maybe, if you're lucky, stored on a shared folder. The reality is, it's all very unstructured, which makes it very difficult to increase speed or provide greater transparency. This work model hurts business.

As a result, employees are not productive and spend time on mundane tasks instead of work, it takes longer than it should to resolve issues, respond to requests, and get work done. Lastly, and most important, costs are higher than they need to be and revenue grows more slowly. How does an enterprise deal with this? What's needed is a system of action, a system that allows requesters to easily request a service or report an issue with a simple, intuitive user interface. A system that allows requesters to see the real time status of their request and resolution of their issue. It's important to note that these requesters will not always be human, as the number of connected devices grows. 

Requests will increasingly be made by machines, and those machines will also be able to query for status. On the right, we can see actioners have visibility into all the request and are able to prioritize and assign those requests for fulfillment. Teams can collaborate on resolution and even across departments to resolve issues. Again, while today much of this action is driven by humans, over time, more actions will be automated, increasing the speed and lowering the cost of everything in your enterprise, including IT incidents, security incidents, customer support cases, and HR requests.

Underpinning the system of action in the center of the slide must be workflow and automation to route the request and issues, automating simple resolutions, and speeding the process for more complex activities. This system of action should operate across all types of work, not only within the enterprise, but also for vendors, customers, and partners. ServiceNow is a system of action that will help you move faster and be the disrupter rather than the disrupted. Your employees become much more product view because their requests are fulfilled faster, and they engage in less mundane work, having more time to focus on their actual work.

At the same time, you can achieve higher service levels through automation, and by doing all this, you will decrease your costs and increase revenue. This is what we call the Lightspeed Enterprise, and ServiceNow can help you work at Lightspeed. ServiceNow provides IT services for five services for five key areas of your business; IT, security operations, customer service, HR, and building business applications. IT can increase agility and lower costs by consolidating legacy tools into a modern, easy-to-use service management solution in the cloud. Security can collaborate with IT to resolve real threats fast using a structured response engine to prioritize and resolve incidents based on service impact.

Customer service can drive case volume down and customer loyalty up by assessing product service health in real time and working across departments to quickly remediate service issues. HR can consumer eyes the employee service experience with self-service portals and get the insights they need to continually improve service delivery and any department can quickly build business applications to automate processes with reusable components that help accelerate innovation. All of these services hope your organization make requests and fulfill those requests quickly. You can energize employees, increase service levels, and get game-changing economics with any of these services, and they are all built on a common platform so you can achieve unique value when using them together.

Let's take a closer look at the platform in more detail. As you can see, the platform has a rich set of services that are common across all the applications including service portal, knowledge-based service catalog, developer tools and reports and dashboards. Earlier this year, ServiceNow required DX continuum, a pioneer and intelligent automation. That technology has led ServiceNow to introduce the intelligent automation engine, a machine learning engine that's designed to predict outages, automate routing and workflow, predict outcomes, and benchmark performance. Lastly, it's important to note that ServiceNow has a fundamentally different architecture from other cloud providers.

Rather than being multi-tenant where many customers share the same database and application instances, ServiceNow is built on a single instance architecture. Each customer has their own database an application set. We provide these instances via 16 data centers across the globe that create eight paired data centers. This global architecture allows your instances to be as close to your enterprise as possible, ensures you always have a fully available instance should there be a failover issue due to issues or plan maintenance, and satisfy your data sovereignty requirements. ServiceNow wants to ensure that your instance and accordingly your enterprise is always operating at Lightspeed.

I hope you found this ServiceNow overview informative. I'll turn it over to Kyle. There you go. Thank you.

Kyle Diedrich:  How many people in the audience use ServiceNow today? The majority of you, right? You understand it, right? Definitely these are common problems that many, many businesses are facing, but what we see from Okta is that those same customers who choose ServiceNow for IT service management, they're also facing other common identity challenges along the way too. They're trying to deal with an explosion of cloud applications that's really inundating IT with just manual upkeep of all these different apps. There's now complex user populations, gone to the days where you can just worry about employees, right? Now there's partners, suppliers, resellers, even your own customers to deal with, right?

Of course, there's an ever-evolving security perimeter thanks to mobile devices and cloud apps that makes it harder than ever to keep your business safe. At the end of the day, that's why so many of you often ... Actually most likely all you guys in this room, you really pair ServiceNow service management platform with Okta for identity management. If there's anything we really want you to take away today is that you shouldn't just use both of these two different systems to solve different business challenges because even though both solutions are I call them Swiss Army knives, they're very powerful, very rich, you can accomplish way, way, way more together than you can on your own. That's what we want to focus on.

We want to give you just three core field-tested, very valuable ways that we've seen our customers like Concur use these two platforms in conjunction with one another. I'll start by just walking through if you're getting started with Okta ServiceNow how you can provide secure access and provisioning to that app very quickly out of the box. Then we'll move on to more exciting things, like how you can fully automate your on-boarding and off-boarding checklist, and then from there, we'll talk about how you can really empower your end users with awesome self-service capabilities, like the ability to request access and get access instantaneously to apps and do other cool things as well. Let's go ahead and dive in.

If you're just getting started with Okta and ServiceNow or you have Okta and you're just using ServiceNow for the first time, we always recommend you start here. Take advantage of the Okta integration network. Once again, this is the largest catalog of apps out there today, 5000 plus, and what that means to you in this room is that chances are all the apps you're using in your business are already supported out of box. Of course ServiceNow is included as well. In fact, it's actually one of the richest and most robust integrations we have in the catalog. Just in a matter of minutes, you can find ServiceNow in Okta and you can do cool things, like immediately connect directory users in the ServiceNow from a source like AD or LDAP, an HR system like Workday, et cetera.

You can provide secure single sign-on. You can have automated provisioning, automating account creation, deletion in ServiceNow, multi-factor authentication, mobile access, and even tracking and reporting. Lots of stuff out of box in a few minutes. Enough talking, let's go ahead and take a look and see what this looks like in action. I'm going to go ahead and just swap over to an Okta orc here. The first thing that we see our customers do is once again just go to the admin console, go to our apps page, and then just add an application. This is where all those 5000 apps, they appear on this page. If I just type in ServiceNow, I could be off to the races just by selecting this app and going through a very, very simple process.

Now I've already done this, so I'm going to go ahead and jump ahead. A few of the things you get in a matter of minutes are once again single sign-on. On this sign-on tab, it's very easy if you wanted SAML, you just check the box, follow the in-product guide. My favorite thing about these guides when I came to Okta was I was expecting these SAML guide just to talk about the Okta side of things, but they don't. They even show you with screenshots what you need to do from the ServiceNow side as well, so this literally could not be easier. Actually I lied, I think provisioning is probably a little bit easier because at the end of the day, you can also enable provisioning to ServiceNow with just an admin set of credentials; a username and password.

As soon as you add those to Okta, you can do some really, really powerful stuff, like automatically create users in ServiceNow, update attributes like job details, last name, et cetera when that happens, and you can even deactivate users when they leave your organization. On top of that, you can sync passwords to ServiceNow and once again is a testament to how rich this integration is. We don't just push things like a username, password, first name, last name. We literally push every single attribute that exists into ServiceNow user profile to ServiceNow, including custom attributes too.

The reason that's so important is because many of you probably have workflows that have logic built into them that look at things like a department or this or that, and having rich context about the user means those workflows are just richer and more sophisticated out-of-the-box. Now at the end of the day, once you have single sign-on provisioning setup, this is what you get, a nice chicklet to log into ServiceNow for all your users that brings them right in single sign-on, no problem. What do you do ... Oh actually, we wanted to tie it back to value. Oftentimes we see our customers come to Okta at first struggling with a lot of these issues. They're manually managing access to apps like ServiceNow.

Their end-users are managing their usernames and passwords oftentimes in a notepad file on their desktop and at the end of the day, with that out of box integration, a few minutes single sign-on provisioning MFA, et cetera. Very powerful, but what comes next? Well, once you have that covered, you can then once again move on to more challenging but more rewarding projects like fully automating your on-boarding and off-boarding checklists. Once again, show hands for those ServiceNow users. How many of you have workflows for onboarding or off-boarding? Is that a pretty common practice? Yeah, so we've seen that as well.

In fact, a lot of users, a lot of businesses use ServiceNow so they can automate a lot of the tasks associated with on-boarding and off-boarding users, things like issuing a phone, issuing a laptop, giving them a desk. As John was saying, that's a manual process in many organizations and often times on first day of work, you really have to walk around all these departments, right? ServiceNow automates that, makes that fast and simple. Now on the Okta side of things, we offer something called HR driven provisioning or directory driven provisioning, and how many people are doing that today? All right, the rock stars, good stuff. HR driven and directory driven provisioning is very powerful.

Essentially what this does is as soon as the users created an HR system like Workday or SuccessFactors or create an inactive directory, we can realize that, get that user, and then proliferate access to every single application that they need based on their job role. A sales user might get Marketo, Salesforce, a few other apps. Other users could get apps like G Suite Box and Office. What happens when you put those two together? Well, you have the once again ability to completely remove those checklists that take up tons of IT time and replace them in an automated fashion, and we'll hear from Chris from Concur how they've actually made that a reality. Now it sounds complex. I definitely admit, but at the end of the day, it's actually a pretty simple process.

All we're going to do is first we're going to go ahead and just take advantage of that same provisioning integration that we have in Okta, the one I showed you a minute ago, and then you just let built-in ServiceNow technology kick in from there. You can use business rules within ServiceNow to listen whenever a user is added into the ServiceNow system, and then kick off a workflow, simple as that. We're literally looking for new users that are added in the ServiceNow and then in our case, we have a simple onboarding workflow it's going to issue out a laptop, once again set up a desk, give them a phone.

We'll have managers sign-off at the end of the day, but this could literally just tie to the existing on-boarding and off-boarding processes you already have in your organization. Once again, let's see it in action. Okay. I was actually going to ask you guys the name of an end user that I should add my organization but in our demo run yesterday, I used John Snow and I thought it was perfect because this is a ServiceNow session and that's kind of funny. We're going to go ahead and roll with that. Now once again, this could be adding a user in Workday, could be active directory. In our case, we're just going to add the user in Okta just to make it really nice and simple.

Now this is where the magic really comes into effect because what Okta does is we have these awesome flexible things called group rules, and what group rules allow you to do is they allow you to look at any different attribute assigned to a user and assign a user to a group. Groups of course dictate what apps, what resources users have access to as well as what security policies are enforced on that user as well. In this case, we have a simple use case. If their email domain is at Okta BD, then we're going to assign them to a birthright group, but what we see in the field is oftentimes that's department, so you can assign different users because their department equals sales or marketing or whatever; two different groups that exist in Okta.

Just taking a closer look at that birthright group, they've got Office 365, RingCentral Box and ServiceNow all assigned right out of the gate. Let's go ahead and log in is John Snow. Let's see what that looks like. All right, first time logging in. I hate Tomatoes, so that's my least favorite food and voila, the user now has access to all of these fantastic applications, once again including ServiceNow. Very powerful, but this is really only half of the onboarding checklist, so let's go ahead and take a look at the ServiceNow side from an admin.

We built out what I showed you before in that little diagram ServiceNow is listening for a business process when users were added to the system, and then we automatically created a few tasks from a workflow be built in. As you can see, John Snow automatically has a few different ServiceNow tasks in fulfillment stage, like getting a desk phone, getting a smartphone, getting a laptop. We've even done something even cooler, we actually listen to the Okta syslog API to validate that John was assigned the right applications that he needed as well. You have great unified way of keeping track of all your users even through ServiceNow workflows, so very, very cool, very powerful stuff.

Oops. Back to value, on-boarding and off-boarding checklists are complicated business, so I'm sure everyone here can very immediately see the benefits you might be able to get out of this, right? Way, way, way less time, burden, money on IT and of course your users get to hit the ground running on day one, so very powerful stuff. Now we've done a lot, we have an out-of-box integration, we've automated on-boarding and off-boarding, but inevitably at the end of the day, your end users, they're probably going to need access to specific apps throughout their tenure at your company. Do you really want to have that turn into an IT ticket every single time? Hopefully the answer is of course not and we have a solution for that.

Essentially what we have is you can have Okta take advantage of the ServiceNow service catalog, really supercharge the self-service options that are available to your end-users from this one single place that they're already used to going. In this case, users can do things like request access to Box, G Suite, Tableau, join a specific group, maybe even a distribution list. They can reset their MFA factors for Okta and even reset a password, all from the service catalog, so very awesome, very powerful stuff. When our customers came and asked us about this, we were so excited about this use case, we actually helped facilitate this even easier.

We're very, very pleased to introduce that we have an Okta activity pack that helps you supercharge these workflows today in the ServiceNow store. What this does is for any ServiceNow user who takes advantage of ServiceNow orchestration, you can automatically install this Okta activity pack and inside those workflows, you can just drag and drop Okta actions, like the ability to add a user do group, remove them from a group, check and validate that they're in a group, et cetera and a few other things. Now if you don't have orchestration within ServiceNow, don't worry, you can still take advantage of this.

Instead of having these nice little GUI things you can drag into your workflow from the Okta activity pack, you can do the same with a script that you bring into your workflow that calls the Okta API, so there's solutions regardless. Just to show you what this looks like, well first you might start by creating a service catalog item in ServiceNow something very common that ServiceNow administrators are used to. In our case, we just created a request access to box catalog item. We even add in a nice comment so you can describe why you need this app. Then at that point, when a user actually requests access to that service catalog, we're just going to trigger a workflow. In our case, this is very, very simple, right?

We're just having that go to a group of box managers who can approve that, but this could be as powerful as complex as you want, multi-tiered approval, timers, all sorts of stuff, everything available today in work flows from ServiceNow. Where this activity pack comes into play is the next step because once you have that manager approval in the workflow, you can then just drag one of those Okta activities directly in this workflow to request that a user gets added to a group. In our case today, a box users group. As I showed you before, by having users automatically put into specific groups in Okta, you can control what apps, what resources, what security policies are enforced on them. This is a single use case that's really unlocked with this activity pack but just consider that. 

Think of all the different ways that you could potentially use this to save a lot of time and headache in your business. Let's take a look, let's see what it looks like. Okay, so I'm going to go ahead go back to John Snow, and let's say John is traveling to India. One thing we see in the field from our customers that it's very common for different GOs in a single business to have a different set of apps that they use. Even though Jon was provisioned O365 because he's a US-based employee on day one, he might need G Suite when he goes to India. We actually brought John because we know he's an end-user, not a ServiceNow administrator on sign in to the ServiceNow service portal.

This is a great awesome unified portal that makes some really awesome improvements on top of the ServiceNow service catalog, makes it easier to locate and easier to have self-service capabilities. If we take a look at this software catalog from the service portal, you can see we did what I described before. We added a few objects. Here you can request access the G Suite, O365, RingCentral, and we even have this new user self-service cat we came up with where you can request access to a group, reset MFA or reset a password. All stuff that we want all you guys to try and take advantage of today. Let's go ahead and request access the G Suite. Oops, traveling to India.

All right. Now this has been requested, so let's go ahead and swap back to the admin side of things. On that same exact visual tasks board we had in ServiceNow, you can see that he's requested access to G Suite and this is pending approval, right? It's in the waiting for approval state. We're going to go ahead and just update this for demo purposes and oops, excuse me. Oh, having trouble. One second, there we go. Resolution got me. All right. Now that that's approved, give it a sec. You see it moved over to the completed category. Now if we navigate back to John Snow, we go to the Okta dashboard, immediate access to G Suite and the Gmail just like that. Very powerful, very awesome stuff.

Now back to value once again, we know that these ongoing individual tasks that your users want access to pretty much equate to IT tickets, and that's why we help facilitate solutions like these, and the self-service once again saves time and money for our IT departments because it's not ongoing basis stuff that we have to deal with. Well, once again giving your end-users just more powerful access to the things that they need.

John Haberland:  What's next for Okta and ServiceNow? In short, it has to do with the convergence of security and identity, but first let's take a look at the security challenges organizations are facing today. This data from a recent cost of data breach study from the Panama Institute paints an unnerving picture of the present state of affairs. Respondents to the survey indicated that it took an average of 191 days to spot that they have been breached in the fiscal year 2017, so it's not the calendar year. That's over six months of an intruder inside of the organization seeking out the most valuable data to ex-filtrate. We've heard these stories other places, Home Depot and Target and so forth.

Once the breach has been discovered, it is taking an average of 66 days to contain and remediate the issue. This is simply too long. What is causing this? One reason is the majority of breaches are due to existing vulnerabilities. The issue with most vulnerability assessment tools is they do not provide alignment with security incident response systems to allow for broader investigations and they provide no way to remediate the vulnerabilities nor alignment with IT change management. It can be difficult to determine which vulnerabilities to patch first or to know how applying patches will affect existing systems, but this isn't the only contributor to long response times.

Security teams are overwhelmed. While an organization security products do a nice job of protecting and detecting potential security incidents, they create a lot of alerts and that's an understatement. Some organizations can see hundreds or even thousands of these alerts each day. How can one tell them apart, which ones do you work on first? These varied icons are interesting way of visualizing it. All these alerts look pretty similar, right? How can one tell which one is most important? These alerts are typically missing context on how a particular will actually affect the organization. Then once the security teams know they have a problem, the tools they are using for resolution are typically manual. 

For example, many organizations take the alerts from their systems whether they are directly from an endpoint security product, firewall or even a security event management system, and put them in the best repository they have, the dreaded Excel spreadsheet. As they work on the process for resolving the problem, the processes might be on paper as part of a policy or they need to go and speak with another security analyst or team member. How do the teams communicate? Via the same tools that they always use for other communications email. Lastly, we are finding that while security and IT teams are all part of the same larger group, they actually act in silos. They use different tool sets. 

These silos and tool sets are another important factor like when security teams need to determine what's needed to fix a problem. Typically only the IT operations group can fix the problem. This could involve patching or rebooting a server or disabling a person's active directory credentials. This silo-ing leads to longer resolution times. Despite having all of these products, security incidents are still getting missed, events and alerts are being generated from dozens of security products and creating work for the security and IT teams. In many cases, organizations are getting thousands of alerts per day and people can't scale to meet the volume.

How does your team track incident response today? Is it in emails or spreadsheets? Do items fall through the cracks? How do you track metrics? If you recall the ServiceNow architecture slide that I showed initially, there was a box for security. If we zoomed in on, we would zoom in and the security operations would be part of that box. There's different components to security operations, which I'll go through one by one. Security incident response is the piece that Okta is building an app for. It's called the Okta identity cloud for security operations, and I want to be very clear that when we hear the word incident, it is not a ticketing tool.

A ticket is if you have a security incident and then you put it into JIRA and it ends there. With anything that's integrated with security incident response, there will be an incident created and then there will be automatic enrichment of that incident. If you've heard about the swivel chair dance, the analyst does not have to go and say, "I have the ticket over here and then I have to go log in to the affected system at another console." Perhaps that analyst doesn't even have access to that console, so he would have to take the ticket and forward it to someone else. We take care of that by automatically enriching the incident and all that information will be provided in the security incident response interface.

Then from there, all that information is presented and the analyst can make a decision about what to do with this incident, and the next powerful part of security incident response is providing actions that can be taken from the same interface. For example, again they don't need a swivel chair, I make a decision, I need to bump a person off the system or I need to quarantine that machine, I'll have a button or some method within the interface to be able to do that right from security incident response. They don't need to go and access another system to do that.

Moving on to vulnerability response, so we talked about earlier that the security teams are being overwhelmed with their vulnerability scans. We take all the vulnerabilities from your vulnerability assessment tool and put them in a workflow and within the ServiceNow system to be able to track all those, that you're not putting them in Excel spreadsheets and figuring out which are the windows boxes, putting that one set of tabs, taking all the Linux boxes, put it in another set of tabs. Threat intelligence. If you're already subscribed to a threat intel feed, like an eyesight or an eye defense, we can adjust that. We can adjust free feeds or anything that's STIX or TAXII formatted.

What the great thing is about threat intelligence is that let's say for example you have a vulnerability that's in vulnerability response, and if via the threat intelligence we know that that's being exploited in the wild, that would greatly increase the risk score for that vulnerability, and then you would know to prioritize that to patch that first over a different vulnerability. Then lastly, the perfunctory. Obviously, where a system of action needed the workflow, the automation and orchestration and deep IT integration. This is more detail on security incident response. I can skip over that in the name of time. I can sit up here and talk about security operations and say that it does great stuff, but really the proof is in the pudding in terms of what the real metrics are.

If you notice here I think, I forgot to put what the time metric is for 29 and a 33. Does anyone think this is months? Show of hands. Days? Hours? As we talked about before, it was over six months to detect that a breach had occurred and two months to detect that once you had it corrected. No one think those numbers are pretty good? Hundred and sixty times improvement in terms of the time to identify a breach, and then 50 times improvement to contain a breach. Okay, so let's talk about the app. This is kind of an overview of the Okta identity cloud for security operations. As you can see as I alluded to the app queries Okta and does the incident enrichment and grabs all the log info for whatever identity has had an alert fired for it.

Then also it allows to do the incident containment and remediation. Again, we're all going to see this in the interface. It greatly reduces the triage time. You automatically have the user context. You can see the applications that the users provision to, their group memberships, and their recent user activities, what's their last logins. Then the user controls that were provided directly within the security incident response interface that some of the examples are clear sessions, suspend or de-provision the user, remove application access, remove group membership, or enforce password or multi-factor authentication.

Let's quickly move over. We have two personas in this demo, one is Ed. He is the security analyst and the affected person is Mark. Now the important thing to realize about Mark ... I got to keep going. The important thing, the next session is for half an hour just so everyone knows. The important thing about mark is he's our CFO and so we brand him as a high risk profile, which means that if his identity gets breached, that could have major implications because his box folder could have confidential information, 10 Ks and 10 Qs and so forth that haven't been released yet. If we see any activity around his user ID, we really, really need to worry about that.

Where'd it go Kyle? There we go. This is Ed's view when he logs in the security incident response. This is the dashboard that he sees. He can see the security incidents that are assigned to him. We click on that. We timed out. We click on the incident and we can see it's really small to see here, but the short description says sumo logic failed authorization and Okta fired at August 24th from Mark Stephens. Now if we look down here, we can see some information here, but this is delimited text. What we would like to see is something in a more user friendly format and that's what the Okta ad provides. I can go in here and I said I want to see the enrichment and I can see the application assignments.

I go in and I can see that mark is assigned to GitHub, Palo Alto, Slack, Box, and ServiceNow. We can see his group memberships. Again, he's a high-risk user and here he's part of this accounting group. Again, this goes back to that he has access to highly sensitive financial information. I can even go and look at his syslog entries, which are not showing up for me. There we go, took a second. What we're going to do is we're going to take action on Mark. We could go in and say look, we're just going to knock them off the system but that's going to make Mark angry. He's the CFO, we don't want to do that. What we're going to do is we're going to clear his sessions and then we're going to apply a high risk profile.

What the high risk profile is going to do is that it's going to allow him to get to his Okta desktop but when he clicks on his high risk profile, which we'll see in a second, it'll say please contact us, we believe that there's someone that's compromised your password, please give us a call. If we would just completely knock him off and we certainly don't want to de-provision them, again that would be bad. We have to log back in as Mark. We cleared his session. We added part of the high risk profile as they used to do multi-factor authentication. There you go, he's assigned as a high risk user. We click on this. You see that we removed his access especially box that's what we're most worried about. We click on high-risk user.

It'll open up a ServiceNow page and then he can leave a comment here and someone from the service desk will be able to contact him and get him back on line. That concludes the demo. Thank you.

Kyle Diedrich:  I'm going to go take it to two sentences. All right. Thank you John so much. I clearly did not lie. We really did have a lot to show you, so all I can say is definitely check out the ServiceNow booth. I'm going to be tomorrow at the OIN booth myself, so come and swing by, ask me questions, and definitely find Chris because he's awesome and he knows a whole bunch of great stuff and can tell you about how you can do the same thing with Concur as well. Thank you all for staying, appreciate it, and we'll see at the super session.