With everyone focusing on social distancing right now, Okta Oktane 2020 is the first big virtual conference we’re covering. It will be interesting to see how each vendor handles transitioning from a physical show to a virtual one, for those that have decided to do so.
While the keynotes and breakout sessions are scheduled to begin at 9 a.m. PT, Okta put out its main press releases a few hours before the show. We had a chance to get a pre-briefing with chief product officer Diya Jolly, so we’ll share what we know for now, and then add updates later.
There were two main updates today, covering the overall Okta’s Platform Services and one of our favorite topics, getting rid of passwords with something called Okta FastPass. If you want to catch up on what Okta has been up to, you can read about the on-premises Okta Access Gateway and other announcements from last October, and head back to our Oktane 2019 coverage.
The evolution of Okta Platform Services
Most people in our space know Okta for federating enterprise users to SaaS apps, but over the last several years, Okta has been evolving into a platform that can be used for many different use cases, including customer-facing identity and access management. They’ve been working to make everything modular and API-driven, so that customers can build whatever identity workflows they need.
If this is something that sounds familiar in the identity industry, this is with good reason. When you consider the rise in new types of employment (like app-based gig-economy workers) and the digital transformation of frontline workers, there are all sorts of new identity management use cases out there. So, Okta is taking features of workforce identity (the traditional enterprise stuff) and customer identity management (the stuff that consumers use to interact with a company) and blurring the lines by opening up everything as much as possible. This is all under the umbrella of “Okta Platform Services.”
What does this actually mean in terms of product updates?
There are three main components of the Okta Platform Services that are pretty well established: Okta Directory, Integrations, and Insights. Today at Oktane 2020, Okta will be talking about new capabilities with three other components: Okta Identity Engine, Okta Workflows, and Okta Devices.
The Okta Identity Engine was announced last year, and provides a lot of customizable features for customer identity management, including passwordless onboarding, user profiling, customizable branding, and so on. This year, they’re bringing it to workforce customers.
Next is Okta Workflows, which is a no-code platform for integrating identity. This came out of their acquisition of Azuqua last year, and now it’s launching as part of the Okta Platform Services.
The last new part is Okta Devices. This is a service that enables a whole bunch of device context and security features, including FastPass, which we’ll cover next. This can work both standalone or with EMM.
Okta Devices and FastPass
We’ve looked at how Okta was moving to offer a passwordless experience before, and at Oktane today they unveiled Okta FastPass. In a conversation with Diya, she told us that she views FastPass as a way to offer companies a way to go truly passwordless, however, you still do have a password, it’s just not something an employee would use all that often. FastPass will work on iOS, Android, macOS, and Windows devices, using an updated version of Okta Verify for both managed and unmanaged devices. FastPass will be available in early access in Q4 2020.
How Okta FastPass works is that users will download the Okta Verify app (or IT can push to managed devices) and log into the app using their password or a Yubico Yubikey (log in with QR codes in the future will come later). This initial authentication should be the only time users log into any apps with a password, with device biometrics used going forward. Once logged in, Okta will establish the user’s identity and device, with the data stored in Universal Directory or the organization’s MDM.
Subsequently, every time a user attempts to authenticate, Okta will calculate a risk score, using contextual data pulled internally from Okta Devices and from external products like the company’s MDM, VMware Workspace ONE Risk Analytics, and more. Using the Okta Identity Engine, IT admin can create per-app policies about whether to allow access, require a step-up authentication, or deny access.
Okta Devices is needed for FastPass to work, as it’s a native app that collects the usual device information that the different OSes allow, providing the contextual data. Additionally, Diya says that it allows for some minor amount of management, in that admins can remotely sign out of a device and disable a device from authenticating.
What else we’re looking forward to
A quick glance through the Oktane session catalog shows plenty of roadmap sessions, so there will be more to talk about on all of our favorite identity topics.
In particular, we’ll be looking out for more news about the Okta Access Gateway. It’s been GA since November, and enterprise customers bringing their cloud identity services back down to on-premises applications will certainly be an important trend to follow.