Oktane17 has just ended, and there were so many exciting product announcements to share that I thought it would be useful to bring together all the great product advances our teams are working on into one blog post. These enhancements will help you and your organization strengthen the way you approach identity and accelerate your organization’s digital transformation.
The general guideline is that all features announced will at least be in beta 3 months post-Oktane; many are available in EA today. If you are an Okta customer and would like to track a specific feature, visit the Okta community and look for the new roadmap tab.
Managing & Securing The Extended Enterprise
The scope of what an IT department manages today is changing rapidly, and the definition of the users that they need to serve has also expanded. In addition to employees, IT has to secure and manage access for contractors, partners, suppliers and contingent workers. At Oktane, we announced several investments that will help IT embrace the cloud, provide a bridge to their on-premises infrastructure, and provide new ways to better manage the user population outside of their employee base.
- LDAP Authentication for Universal Directory: To bridge the past and become the go-forward directory for our customers, we’ve added new capabilities to our cloud-first Okta Universal Directory so on-premises applications can authenticate directly to Universal Directory – eliminating the need for expensive on-premises LDAP servers for large enterprises. For younger companies, it removes one of the last barriers to a 100% cloud approach for all of their directory needs: no more on-premises AD or LDAP required.
- Going Beyond Applications with the Okta Integration Network: Okta has a tremendous track record with the Okta Application Network and we are extending the power of that network to new types of integrations that go beyond applications to include vendors for networking and security, analytics and API Gateways. To reflect the broader scope, we have renamed that network to the Okta Integration Network. We are excited about extending the reach and value of our technology ecosystem – including partners like Palo Alto Networks, F5, IBM QRadar and Sumo Logic – to address the breadth of ways that IT departments can unlock the value of the entire Okta product portfolio.
- Lifecycle Management for Every Person in the Extended Enterprise: We’ve created new self-service registration and Okta Lifecycle Management policies to provide a turnkey, out-of-the-box way for enterprises to create a highly customized and simple registration experience for partners and contractors – enabling them to easily and securely connect this broader set of users that make up their extended enterprise.
- Improved Delegation, Security and Self-Service for Okta Admins: A new Help Desk Admin role allows Okta Admins to delegate tasks like password or MFA reset, and a new set of reports can help with troubleshooting access issues. To improve the security around admin access, MFA can be required for all Okta admins logging into the admin console. Okta is also removing the requirement to contact support to enable EA features, by allowing Okta admins to self-service through a new EA feature manager.
People are the Perimeter
In today’s perimeter-less world, the proliferation of people, applications and devices makes identity the only way to control who has access to what information, and when. To mitigate potential threats, we are rolling out a number of enhancements:
Expanding Adaptive MFA from Cloud to Ground
- Cover everything in the cloud and on-premises: Adaptive MFA can now be used for RDP, LDAP, other SSO products, ADFS, custom web apps and RADIUS.
- Start Anywhere: Start with Adaptive MFA before beginning your SSO journey, or add Adaptive MFA to your existing Okta Identity Cloud service.
Enhanced Contextual Access Management
- API Access Management: We are extending our contextual access management architecture from users accessing applications to applications and things accessing APIs.
- Restrict Access from Unmanaged Devices: Within an application's sign-on policy, admins can enforce that only a trusted device (MDM-managed for mobile and AD domain-joined for Windows) can access cloud applications.
Security for Everyone
- Basic Okta MFA Comes Standard: Effective immediately, every Okta customer can make their users more secure by adding multi-factor authentication with Okta’s time-based, one-time password app. This is a first for the industry – strong authentication for everyone!
- IP Blacklisting: Your information security program is likely to have a set of IP addresses that are blacklisted across your network and endpoints, and now you can add those IP addresses to a blacklist zone within Okta to protect against DDoS lockouts and brute force attacks.
- Common Password Detection: We’re fully aware that people are terrible at selecting passwords. To combat this, we’re rolling out a common password detection feature which will prevent users from using thought-provoking passwords such as ‘password’ or ‘password123’.
- TouchID for Okta Mobile: Allow mobile users to use Touch ID as an alternative to their unlock code when accessing Okta Mobile.
- Passwordless authentication for iOS applications: Once a user has logged into Okta Mobile, they can authenticate into native mobile apps without having to enter username and password.
Transforming the Customer Experience
Organizations big or small and across all industries are building mobile, web, and API-driven applications to transform their customers’ experience. Over the past year we have worked hard to make it easy for any organization to use Okta as their customer facing identity layer. We are going to continue to innovate so you can delight and engage your customers, while also keeping their information secure.
- Self-Service Registration: Developers can now easily add a registration flow, using the new self-service registration widget, registration APIs and SDKs. This includes support for common workflows like email verification or password reset. Development teams can also choose to host the entire sign-in and registration process on the Okta service.
- Use your Brand: Everything Okta powers for your application is completely customizable: custom email and URL domains, and the ability to use your own SMS provider.
- API Access Management: IT teams can centralize policy and security for application development, allowing developers to connect to company resources with pre-defined access agreements – enabling organizations to connect microservices to partner and other external developers securely through simple access protocols.
- Developer Centric Okta Dashboard: A new admin interface built specifically for developers that dramatically improves the developer experience by making it easy to create and manage Okta apps, API tokens, and API Access Management concerns.
- Developer Experience: Okta is building best-in-class SDKs based on Stormpath's experiences with SDKs. We are shipping rock solid, tested, and idiomatic SDKs that make it easy to integrate Okta into your weekend project and are solid enough to work in the harshest production environments.
- Public Roadmaps For All Products: We are super excited to announce public-facing roadmaps for all of our products. This will serve as a great jumping-off point to our ideas community to encourage a two-way dialogue about what we should be building at Okta.
- Self-Service Feature Manager: Equally exciting, this public roadmap will be connected to your Okta instance and enable your Administrators to turn on new features and try them in your environment.
Don’t miss these blog posts for more:
- Identity and Device Management for The Extended Enterprise By Eric Berg, Chief Product Officer
- An Experience Developers Love, Enterprises Trust: Okta for Customer Identity By Alex Salazar and Ed Sawma
- Context + Access: How Identity-Driven Security Can Prevent Breaches in Your Business By Joe Diamond
- Connecting People, Technology and Communities: Introducing the Okta for Good Fund By Frederic Kerrest
- Oktane17: Identity for You by Todd McKinnon