Demystifying Upgrading to OIE Series Episode #1: The Upgrade Scenario
Dimitri Volkmann



This series is authored by Ruchir Parikh.


Welcome to this multi-part blog series! 


This is a series of blog posts for Okta Classic customers. We will use a fictitious company, Atko HytekSys, to help you understand the upgrade journey from start to finish. The 4 episodes in the series will provide tips and tricks along the way. In this first post, we will introduce the fictitious company and the value they will gain from upgrading to OIE. We will also cover how the OIE self-service upgrade tooling works.


Upgrading from Okta Classic to Okta Identity Engine (OIE) brings a number of key benefits to your leading independent Identity partner. OIE is a free full platform upgrade that delivers both enhanced security and improved user experience. Among other things, OIE accelerates the implementation of passwordless scenarios and zero trust use cases, all the while providing greater flexibility and scalability for creating secure identity flows. OIE delivers a new authentication framework allowing for an assurance-level-based approach that supports app-level policies, advanced device context that takes Device Trust to the next level, and plenty of new improvements. Additional new capabilities will be unlocked with OIE, such as Okta FastPass, Okta Device Access and phishing-resistant PAM.


Introducing Atko HytekSys

Atko HytekSys is a fictitious Enterprise Okta customer currently on Okta Classic who plans to upgrade to Okta’s Identity Engine (OIE). Atko HytekSys has customized and configured some of Okta’s complex features, like Mobile and Desktop Device Trust and custom internal OIDC applications with embedded and customer-hosted Sign-in widgets. 


Why Upgrade to Okta Identity Engine (OIE)?

Atko HyTek Systems wants to take advantage of the new security functionalities that Okta Identity Engine (OIE) offers. As this Okta tenant is used for their internal Workforce, they want to take advantage of per-application authentication policies, Okta FastPass, and new, easier-to-deploy Mobile and Desktop Device Trust implementations. 


Per-application authentication policies

In OIE, Atko HytekSys can now manage authentication policies at the application level, allowing customized authentication flows for application(s) based on the application's security posture. 




Atko HytekSys can evaluate an application's security posture and group it into a low, medium, or high authentication policy. This simplifies managing a large number of apps while allowing customers to customize to their needs. Within the policies, customers can create rules that can be stacked based on the end-user's group membership, location, device state, device assurance policy, and other criteria. From these data points, Atko HytekSys can choose which MFA authenticator is presented to their end-users for authentication. 

Such a simple framework is a solid foundation for implementing a security-outcome-based approach and can be customized to any specific requirements or needs.
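The tiered, stacked-rule model described above, as an added conceptual sketch in Python (not Okta's policy engine, API or rule schema, and not code from the original post). The app names, authenticator labels and rule fields are hypothetical, and top-down first-match evaluation ending in a catch-all rule is an assumption of the sketch.

```python
# Conceptual model only: NOT Okta's policy engine, API, or rule schema.
# App names, authenticator labels and rule fields are hypothetical.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    require: tuple                      # authenticators demanded; () means deny
    groups: frozenset = frozenset()     # empty = any group
    managed: Optional[bool] = None      # None = device state not considered
    zones: frozenset = frozenset()      # empty = any network zone

    def matches(self, ctx):
        if self.groups and not (self.groups & ctx["groups"]):
            return False
        if self.managed is not None and ctx["managed"] != self.managed:
            return False
        if self.zones and ctx["zone"] not in self.zones:
            return False
        return True


# One policy per assurance tier; rules are stacked, most specific first.
POLICIES = {
    "low": [Rule("catch-all", ("password",))],
    "medium": [
        Rule("managed device on corp network", ("password",),
             managed=True, zones=frozenset({"corp"})),
        Rule("catch-all", ("password", "push")),
    ],
    "high": [
        Rule("admins on managed device", ("phishing_resistant",),
             groups=frozenset({"admins"}), managed=True),
        Rule("staff on managed device", ("password", "push"), managed=True),
        Rule("catch-all", ()),          # unmanaged devices are denied
    ],
}

# Each application is assigned to exactly one tier.
APP_TIER = {"wiki": "low", "crm": "medium", "payroll": "high"}


def evaluate(app, ctx):
    """Return (rule name, required authenticators) for the first matching rule."""
    for rule in POLICIES[APP_TIER[app]]:
        if rule.matches(ctx):
            return rule.name, rule.require
    raise LookupError("policy has no catch-all rule")
```

Rule order matters: an admin on a managed device also satisfies the second high-tier rule, but the first match decides the outcome, which is why each use case is worth walking through before an upgrade.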



The data points for this authentication are collected from the Okta Verify app on the end user's mobile and desktop/laptop device, leading us to the next big feature in OIE: FastPass.


Okta FastPass

Okta FastPass offers several benefits for customers:

  1. Enhanced Security: It utilizes a combination of factors like biometric authentication, device recognition, and adaptive policies to ensure secure access to applications and data.
  2. User Convenience: FastPass enables seamless and quick authentication processes, reducing friction for users while maintaining high-security standards.
  3. Improved Productivity: With faster access to applications, employees can be more productive, focusing on their tasks rather than waiting for authentication processes.
  4. Cost Savings: By streamlining authentication processes and reducing the need for password resets and helpdesk support, organizations can save on operational costs.
  5. Scalability and Flexibility: Okta FastPass is scalable and adaptable to various business needs, accommodating growth and changes in the organization's infrastructure.
  6. Compliance: It helps organizations meet compliance requirements by offering strong authentication methods and robust security measures.

Overall, Okta FastPass balances security and user experience, offering a solution that enhances both while also being cost-effective and scalable for businesses of all sizes.


How does the Okta Identity Engine (OIE) Upgrade work? 

The OIE upgrade is now self-service for almost all customers. If your Okta tenant is eligible for the OIE upgrade, you will see the Self-Service Upgrade widget in your Okta Admin Dashboard. You must be a Super Admin to be able to see the Self-Service upgrade to Okta Identity Engine widget. 



To get started, click on the “Schedule upgrade” button. Do not worry; admins can’t accidentally upgrade their tenants. OIE upgrades must be scheduled in order to complete the upgrade. The next screen admins will see is an overview of the two steps of the upgrade. 



Go ahead and click on the “Get Started” button to see if your Okta tenant has any blockers or if you have customizations that may require some configuration changes to be made. 



The page above is an admin's main console for the OIE upgrade. This is where admins will see what blockers their tenant has, if any. Admins will need to consent to any configuration or behavior changes. It is HIGHLY recommended to test all use cases in Okta Preview before upgrading your Okta Production environment. Once admins have consented and cleared the blockers, they will see the scheduling section.


What’s Next?

This episode is the first in a series on upgrading Atko HytekSys to OIE. In the next post, we will review the consent and blockers Atko HytekSys has and the links to their remediation. We will also discuss how to set up your Okta Preview environment to maximize your learnings for your upgrade in Okta Production, and the company-wide/end-user communication that administrators should send prior to and after the upgrade. Lastly, we will cover what to do if you encounter an issue with your OIE upgrade and need to be rolled back to Okta Classic.



Contributors:

Brent Arrington 

Dimitri Volkmann
