Cloud-based identity-as-a-service provider Okta says it has renewed its focus on solving cloud migration impediments and beefed up its offering to developers.
iTWire spoke to Scott Schwarzhoff, vice-president of Product Marketing, at Okta’s recent Oktane 2017 conference. Schwarzhoff joined Okta from Citrix two years ago and states: “What struck me about Oktane two years ago was every session was led by a customer.
“When you hear John Deere talk about having to serve farmers across the globe, above their full-time staff, it really lights up these are the challenges a business has when moving from a large on-premise infrastructure and trying to go the cloud.
“Having a partner in Okta go on that journey with companies really helps them move to the cloud. IT has focused on the network perimeter for so long but now you have to think about what happens when there is no perimeter or the user is the perimeter.
“Our focus right now is really on ‘how can we solve customer problems that are intractable at this moment?’”
Okta, started in 2009 by Todd McKinnon, previously head of engineering at SalesForce, and Frederic Kerrest. “Todd and Fred recognised as companies increasingly embrace cloud and mobile technologies, and no longer own, manage, patch, upgrade and integrate everything themselves, the rules change,” Schwarzhoff said.
“You want to be able to design experiences for all your different audiences by integrating all sorts of different components into a secure experience, whether empowering employees to have best-in-class apps on any device, allowing partners to collaborate in their partner ecosystem of thousands of contractors and suppliers, or even your customers.”
{loadposition david08}Schwarzhoff used the ARIA Resort and Casino, Las Vegas — where Oktane 17 was hosted — as an example. “The ARIA is an Okta customer through MGM Resorts International, who have over 19 hotel properties with their own loyalty programmes and their own understanding of who their customer is.
“MGM wants one personalised experience. If you go to the Bellagio and eat steak and watch Celine Dion, they want that identity to carry with you when you go to the ARIA, so the customer experiences can be assisted when you have a complete view of identity around the customer.
“This is what Okta is really focusing on, helping customers make that move from on-premises to the cloud, while also helping solve problems across customer-facing and company-facing issues.”
At Oktane 17, Okta announced two major product announcements which feed into solving the customer challenges Schwarzhoff speaks about, specifically managing and securing the extended enterprise, and transforming the customer experience.
McKinnon described these in the Oktane 17 keynote explaining Okta has progressed from connecting people through single sign-on into an ecosystem of customers and employees and contractors. “We want to allow for easier management and administration to help IT in an organisation, as well as how to think of the end user as the perimeter and stay focused on securing them,” he said.
Okta announced it has broadened its ecosystem of 5000 pre-built integrations with partners to include security platforms and network appliances among other things. “Now you can integrate all kinds of things. We built integrations with F5 and Citix NetScaler so you can integrate from ‘cloud to ground’,” Schwarzhoff said.
“You can have identity persist through Web and cloud apps to on-premises apps. F5 is a network system, but you can integrate with them now.”
“We have relationships with MuleSoft and IBM and other partners where we can facilitate the security around these endpoints and it broadens the reach of our ecosystem beyond cloud apps to managing your network infrastructure. This includes API gateways, ServiceNow, CASBs like Netskope and really thinking about a much bigger and broader landscape.”
Additionally, Okta announced it is expanding its directory, Universal Directory, which integrates with other identity stores.
“A user can have their name and role from the WorkDay HR system, but their phone from RingCentral, e-mail from Active Directory, and so on,” Schwarzhoff said.
“We now support LDAP-based apps, like an on-premises AD. We want Okta to truly become an iconic company with vendor neutrality so it was important we interface with, and support, 20-year-old legacy LDAP protocols as well as DevOps situations like Jenkins and Atlassian.”
This includes lifecycle management, Schwarzhoff explains, giving an example of contractors and partners who sit outside Active Directory, or maybe exist in another company’s Active Directory.
“They’re a critical part of the supply chain so it’s important to have the ability to say ‘ok, you’re a contractor, I will set you up with 30 days to Box, and after that cancel your account, pull your files back, de-provision your access to our ERP', and so on,” he says. “This is where a lot of the new neutrality function of Okta falls into, to manage the extended enterprise.”
Okta enforces strong security across its product line with multi-factor authentication just as integral as single sign-on. This multi-factor authentication is considered “adaptive” because it uses user context such as location or device, allowing or questioning access based on contexts.
“This year we’re extending the product so Adaptive MFA covers more infrastructure,” Schwarzhoff said. “Say you’re using RDP or ADFS or custom web apps. We have the ability to front-end those different endpoints with our MFA products, with the theme of integrating more things. They’re not just cloud apps, they all essentially form your infrastructure. It means Okta becomes a complete access management solution, which is really enterprise-grade, highly-secure, highly-scalable, and can interface with everything from ‘cloud to ground’.”
Managing and securing the extended enterprise has long been the core Okta business. However, Okta is now heading to new areas in customer identity, Schwarzhoff says. As with the MGM Resorts example, Okta seeks to play a greater role in helping customers build modern, mobile Web apps that are more personalised, more engaging and secure.
“We can allow MGM to tailor and make a personalised offer,” Schwarzhoff says, “because we can aggregate all this identity data. We want people to have a consistent experience across devices, without having to think about entering passwords and synching.”
To help software developers get on board with Okta, the company also announced a new product named Okta Developer Edition, allowing programmers to rapidly add authentication to their app without having to understand any of the identity calls or policies or protocols.
“We increase developer productivity and make a compelling Developer offering at developer.okta.com,” Schwarzhoff said. “It is an entire experience component to allow custom branding, vanity emails, vanity branding - everything to make it look like your brand. We make it so developers can use their brand and not have to write a lot of code," he said.
“In my view, the work we’re doing around our developer products and experience, really enabling identity for any application, is where a lot of the new growth of Okta is focused on.
“This Oktane is the first time we’ve talked about customer identity and we enable this through free tools and experiences. Want to build a new .NET app? Get a new toolkit, add a user store, and add identity in a handful of code and get identity working and focus on business logic. That’s the newer area for us and represents where we see customers moving. It’s where we see revenue-generated transformative experiences and that’s more personal.”