Okta Today and Tomorrow: Going Beyond Internal Access Management
Here at Okta, we recently carved out core enhancements across four major components of the product, which we shared at Oktane17 in August. Your identity solution needs to be future-proof – connecting to everything you need today and backed by a team that will ensure it connects to the apps, devices, and tools your team will need in the future as well. Here, we’ll outline a few of the recent changes and betas we’re most excited about. If you’re looking for the full breakdown of all of our updates, watch our Oktane17 presentation for details on Okta’s roadmap for the near future.
Directories and integrations
Okta has made great strides with Active Directory (AD) functionality. Some recent changes and improvements include:
- Delegated authentication: Users can now easily authenticate with the right AD instance, instead of having to plow through potentially hundreds of others.
- AD Agent Performance and Logging Improvements: Up to 90% performance gains mean that related AD tasks that took hours now take minutes.
- User profile mastery: Administrators can declare data precedence when importing from many sources to create detailed and valid profiles down to the attribute level.
While all of these are significant, we’re most excited about the changes to LDAP. There’s full LDAP lifecycle management, meaning if you remove a user from Okta, it syncs all the way through. Conversely, you can pull data from LDAP and push it directly into AD. We’ve added auxiliary class support, along with incremental profile import and LDAP schema discovery, allowing you to easily use complex user profiles.
In the next few months, however, there will be another exciting LDAP update: a full LDAP cloud interface is opening for you to try on Okta Beta. You’ll be able to connect to the cloud and clean up your instances without losing data or impacting users. If you have an Okta account, you can log in and sign up for this beta’s contact list, and any others, on the Okta Beta Program Home page.
ID anywhere
Recent changes to Okta’s core SSO services include connection to any identity provider (IDP) using modern authentication standards. The use of OpenID Connect is also available. This means you can immediately leverage the latest security standards to authenticate your users. Web accessibility, access tokens, and linking accounts to other IDPs have also been improved.
In the next few months, we plan to release new identity features to try on Okta Beta. These include a generic login to enable connections to multiple Okta organizations, or logging in with other IDPs such as Google. Previously, you may have needed a custom implementation and routing based on the user, device, network, and application they’re trying to access. Now, it’s simplified.
Customizable user experience
Okta has been working hard on configuring the sign-up and sign-in experience, letting you create your own ideal experience. Recent progress includes letting you send emails during the sign-up, registration, or login flows from your own email domain, not a [email protected] address. Furthermore, you can customize and send emails in any of Okta’s 23 newly supported languages. A new user’s first-day onboarding experience has also been improved with Okta’s most requested feature: admin managed tabs. Admins can now customize what applications users will see on their first login. Rather than seeing a huge list of every app they have access to, newcomers will see a small, organized subset. There’s also a new account lockout flow, allowing end users to get themselves back into Okta rather than relying on an IT administrator’s help.
Customized URL domains and hosted pages are also coming to Okta Beta. This means that instead of logging into yourcompany.okta.com, users can now simply log into yourcompany.com. This feature is part of a full whitelabeling experience with your own login screen, error recovery, links, information, and anything else you want. There will also be tailored, policy-driven enrolment that allows IT teams to decide if, for example, security questions should be required for new users.
Securing the API economy
Okta believes the API economy and access management are the future of application development. We’re always striving to make more developer-friendly APIs and widgets. One year ago, API access management was focused on internal use and internal resources. Now, Okta has added functionality to cover broader use cases and enable third-party access. With fine-grained security control, you can build APIs and expose them to other stakeholders who need access.
Coming soon on Okta Beta will be OAuth 2.0 User Consent for your API. This gives you additional management features in granting and revoking API access to third-party users. It also gives users the opportunity to decide if they trust you, what permissions they need to grant, and what information they will gain access to. We are also working to extend OAuth and OIDC support through enhanced policies and encrypted JWTs.
At the moment, we’re hosting our highest number of simultaneous betas. They’re not all open yet, but add yourself to our contact list anytime to try these exciting new features as soon as they’re ready.
If you are already an Okta partner or community member, visit the Okta Beta Program Home page to find out more about upcoming betas.
If you are new to Okta, visit our product page to learn more about what we can do for your business as your identity solutions vendor.