Okta Oktane 2018 kicks off in Las Vegas today. I’m not there in person this year, but owing to Okta’s prominence and the increasing role of SaaS apps and identity and access management in end user computing, I’ve been covering the show for the last few years. (If you’re interested, the keynote is streaming live today at 8:30 am Pacific Time.)
I don’t think I need to say anything more about the importance of SaaS apps and IDaaS, so what’s new in 2018?
Okta Oktane 2018 news
First, they’re touting Okta ThreatInsight, a new feature that analyses logins across the entire Okta customer base to identify IP addresses associated with malicious activity. The idea is that this feeds into their conditional access engine—along with the device, network, location, app, and user information that it already has—and then with richer data, you can be more confident in changing your authentication policies. To go along with this, there’s a new SKU called Adaptive SSO, oriented towards using these capabilities with other products like third-party MFA.
Also in new SKUs, Okta is announcing “API Products for One App.” This is a cheaper way to buy into their platform for customer-facing use cases for companies that, you guessed it, have one main app to deploy. It will scale to millions of users, and you can still have multiple types of clients (iOS, Android, web, etc.); plus if you include Okta branding on your app’s login page, you can use the service for free.
Okta and VMware partnership
The biggest enterprise news of the show is Okta’s partnership and integration with VMware Workspace One. Okta was already moving towards a collaborative strategy when it comes to mobility, but VMware and Okta told me they had a lot of joint customers that helped drive this partnership, too.
A key use case for integrating identity and access management is to ensure that devices are compliant with EMM policies when accessing apps. AirWatch has had a partner-oriented compliance check API for years, but this new joint effort from Okta and VMware is going to go much further by the sound of it.
There are several components available today:
- You can use Okta to control access to Workspace One.
- As mentioned, Okta can check device compliance in Workspace One; in some scenarios, Okta just delegates the whole access decision to it.
- New today, you can access Okta-managed apps from the Workspace One portal.
Also notable, Okta and VMware sales teams will be trained on the joint solution.
As you can imagine, there are plenty more potential ways to integrate identity and access management with endpoint management. (For example, when you provision app access to a user in Okta, you could have Workspace One automatically push the client to the user’s device.) However, aside from more compliance signals and security integrations, Okta and VMware aren’t sharing any specifics about the roadmap.
This partnership is a clear opportunity for both companies, both in the way that they complement each other, and in how they can band together to even better compete with Microsoft. Of course, VMware has had its own identity and access management capabilities for years, but it’s always smart to know when to partner with a top player, especially if it’s driven by joint customers. Other than that, there’s not much else to say until we see what other specific use cases they enable.
Update, 10:00 am PT
The full list of announcements is now available. While Okta shared some of the Oktane news in a pre-briefing, it looks like they held a few things back for today, including:
- "PassProtect," a consumer-facing Chrome extension to check passwords against Troy Hunt's HaveIBeenPwned API;
- A partnership and integration with Workplace by Facebook; and,
- "Sign In with Okta," the enterprise equivalent of social logins (like when you use Google or Facebook to sign into random websites and apps).
We'll have to dig into Sign In with Okta. They're calling the concept "business authentication," and if it has anywhere near as much influence and utility as social logins, it could be an important new identity and access management category going forward.