Story image

Okta enhances its Adaptive Multi-Factor Authentication

01 Sep 17

Global Identity and Access Mangement (IAM) provider Okta has announced new functionality for its cloud-based Okta Adaptive Multi-Factor Authentication (AMFA).

The announcement came at the company’s annual Oktane conference in Las Vegas, which saw record attendance figures of over 2500 people.

Okta AMFA will now provide a more comprehensive set of authentication factors and robust policy frameworks that support contextual access management and adaptive, risk-based authentication.

AMFA will also support a broader set of applications, and can now be used for RDP, LDAP, other Single Sign On (SSO) products, ADFS, custom web apps and RADIUS.

It’s an effort to bolster the effectiveness and reach of the Okta Identity Cloud and more specifically the Okta application network, which the company has renamed, now calling it the Okta Integration Network.

Yassir Abousselham, Okta, chief security officer says the announcement is significant as credential harvesting is becoming a bigger security concern for cloud-based organisations with more data in more locations.

“Identity is now the security team’s last control point because security can’t manage every single person, device and app; what they can control is who has access to information, and when,” he says.

“With enhancements to our AMFA solution, marking multi-factor authentication as the new standard of identity-driven security, and the ability to make smarter security decisions based on context, we’re helping to ensure the right person gets access to the right resources, at the right time.”

The Okta Identity Cloud closely monitors access behaviours to determine when there is a potential threat actor using compromised credentials to gain access to sensitive company information.

With this intelligence, organizations using Okta AMFA can detect anomalies based on the user’s location and client, such as OS and browser user agent – helping them make more intelligent access decisions based on the context of the authentication event.

Organisations with AMFA can also now use Okta’s device trust capabilities to determine whether or not an authentication event is coming from a trusted/untrusted device, ensuring only trusted devices can access business critical applications such as Office 365, Workday or Salesforce.

The company also announced that basic two-factor authentication now comes standard for every Okta user, with the company’s Single Sign On (SSO) service now coming bundled with basic 2FA.

This means Okta SSO will now include a simple one-time passcode strong authentication for all users – making two-factor authentication now the standard for everyone that uses Okta.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.