
Security and SSO (Single Sign On) using Okta

06 February, 2021


Your company, like nearly every other business on the planet, has employees using on-site, cloud, and mobile applications to get their daily work accomplished.

While the use of dozens of applications within a business is usually necessary to provide goods and services to customers, those applications come with a risk – passwords.

Because employees are human, they often use the same password for multiple applications, write passwords on post-it notes so they can remember them, and even then, they still forget passwords – wasting both time and money regaining access.

Pronix has partnered with Okta to help secure your applications and ensure that your employees don’t use up valuable work time trying to re-establish access to applications because of password misuse.

Okta is a San Francisco company that specializes in identity and access management. They provide identity controls for:

  • Applications
  • Websites
  • Devices

What is Identity and Access Management?

To log in to any modern application, you must first prove that you have permission to access that application. Most often, the application demands identity proof in the form of a user name and password.

Identity and Access Management software securely houses all of your usernames and passwords in one central application (in this case, Okta) and automatically provides those credentials to approved applications when prompted by the application and user.

Think of Okta as a safe for your passwords that also is the key to open up the applications you and your staff use every day.

Okta helps keep your passwords secure – and, in turn, the confidential/proprietary data that can be accessed with those passwords.

What is SSO (Single Sign-On)?

SSO, or Single Sign-On, gives you or a staff member one personal identity credential that opens all of your applications. The way it works is that you sign in to the Okta application, and Okta then securely supplies the individual, unique credentials needed for each application you use throughout the day.

What Kind of Application Identity Credentials Can Okta Manage?

Okta integrates with more than 6,500 applications in their Okta Integration Network and has an App Integration Wizard for developers if you need a custom app built for your workflow. Developers can get SAML integration toolkits for:

  • PHP
  • Java
  • .NET

No matter where your applications are hosted, Okta can help you access them with protected credentials:

  • Cloud Applications
  • On-premise Applications
  • Mobile Applications

Who Sets Up and Configures Sign-in Options in Okta for a Business Like Yours?

Okta setup and configuration should be conducted by experienced IT professionals. If you don’t have an internal IT staff with this skillset, the Pronix team would be happy to have that conversation.

Once Okta has been deployed and set up across the organization, there are several sign-in setup options. The one that is right for your company will depend on your cybersecurity risk profile and your compliance obligations. Again, Pronix can guide you in these choices.

Here are the sign-in setup options as described by Okta:

  • User sets username and password
  • Administrator sets username and password
  • Administrator sets username, user sets password
  • Administrator sets username, password is the same as user's Okta password
  • Users share a single username and password set by administrator

What Are the Advantages of Incorporating Okta into Your IT Environment?

  • Never lose a password again
  • Easily provision and deprovision your employees’ use of applications
  • Save time
  • Preserve productivity
  • Secure data by securing access credentials

How Okta’s Internal Security Improves Your Secure Use of Workflow Applications

Okta uses AWS (Amazon Web Services) infrastructure to host its IT environment. AWS is trusted by everyone from Fortune 500 companies to DoD contractors and government agencies. Okta describes its approach to security in terms of the following layers:

  • Platform
  • Domain access
  • Customer data
  • Operations
  • Single Sign-On and directory integration
  • Web Authentication
  • Active Directory integration
  • Network
  • Permissions
  • Vulnerability Protection
  • Third-Party penetration testing
  • Server and physical access
  • Hiring practices

There is a ton of detail that goes into Okta’s security strategy and, as a result, the security of your application credentials. Let’s take a moment to highlight a few of the bigger pieces of the Okta security puzzle.

We’ve already mentioned that Okta runs on the AWS network of data centers. This is important because it gives you a sense of Okta’s security posture and its ability to scale with your company. AWS facilities are perimeter controlled and under video surveillance, and data center floors can only be accessed by staff after they have passed at least two two-factor authentication checks.

Okta has taken the important step of partnering with a third-party penetration testing firm, iSEC Partners, to examine their systems, identify any potential threats, and determine how to solidify their defenses against those potential cyber events. This third-party testing gives Okta SAS 70 Type II Certification and SSAE 16 (SOC2) Certification.

The Okta platform includes security features that help stop Cross-Site Scripting (XSS), SQL Injection Attacks, and Cross-Site Request Forgery (XSRF). Their environment is monitored continuously for operational and security health.

Okta further protects your credentials stored in their system by doing thorough background checks of their employees and scrutinizing third-party contractors for compliance with their high standards of security.

Perhaps the most critical security element baked into the Okta system is symmetric 256-bit AES encryption. Your master keys are exclusive to your organization and, according to Okta, are “encrypted in three different ways to achieve the highest level of availability and business continuity.”

Looking for a way to streamline your application sign-on activities while increasing your organizational and data security? Have a conversation with the Pronix team about implementing Okta.