Secure your application through the SURF Security browser and Okta
Introducing Universal Logout with SURF Security
In a rapidly evolving cybersecurity landscape, protecting digital assets and user data is more critical than ever. As Identity-based attacks continue to surge, organizations need powerful, real-time solutions to stay ahead of threats.
Identity Threat Protection with Okta AI is a comprehensive solution designed to combat these emerging challenges. At the heart of this capability lies Universal Logout, a powerful feature designed to swiftly mitigate risks when user accounts are compromised.
SURF Security brings its innovative enterprise browser — built with security at its core — to defend against breaches and protect users from social engineering attacks.
Today, we're excited to announce a strategic partnership that takes this protection to the next level. Okta has joined forces with SURF Security to integrate Universal Logout with SURF's enterprise browser. This collaboration combines Okta's industry-leading Identity management with SURF's cutting-edge browser security, creating a formidable defense against the ever-evolving landscape of cyberthreats.
Recent cybersecurity trends underscore the urgency of this partnership. A Forbes report revealed that in 2023 alone, approximately 2,400 cyberattacks affected 343 million victims, with data breaches surging by 72% compared to 2021. In response to this increasingly treacherous landscape, organizations are tightening controls on application access. Our integration of Okta's Universal Logout capability with SURF Security's enterprise browser enables swift action when user accounts are compromised or employee access needs to be immediately revoked.
Let's explore the powerful synergy between Okta and SURF Security, and how it empowers you to respond swiftly and decisively to potential security breaches.
How does it work?
Okta admins can now configure the SURF Security browser in the application catalog to perform single sign-on (SSO) and Universal Logout. The user will authenticate to Okta creating a session between Okta and the SURF browser. The user will access all their applications using the browser. Using the established session, the user will SSO into those applications. Okta admins are required to configure the ITP-SSF integration, entity-risk policy (ERP), and post-auth session policy (PASP). Visit our blog Identity Threat Protection with Okta AI to learn more about Okta Identity Threat Protection.
When an incident occurs, such as a suspicious sign-in, sign-in from a risky IP address, or token theft, our ITP Risk Engine will be notified about the incident, and the AI engine will evaluate the risk level for the session and the user. Based on the ERP and PASP setup, the policy engine will trigger the Universal Logout. Okta’s framework will call the SURF Security browser’s Kill Session API. This API will suspend the user and revoke the active sessions and tokens issued to the browser across all devices. This would result in immediate logout from all accessed applications and all devices. The user would be forced to re-authenticate to the Identity provider (possibly Okta). Based on the incident, users may need to take some actions to lower the risk level and sign back in to the SURF browser.
Why Universal Logout with the SURF Security browser?
Okta introduced Universal Logout with only one intent: to protect your applications and data from attackers. With this partnership, we deliver:
- Immediate logout: Killing all active sessions and tokens logs the user out of the SURF Security browser immediately. If conditional access is defined to access applications from SURF, the user will be completely locked out of those applications.
- Prevent logging back: Users will have to remediate their risk, re-verify their identity, and generate a new session with Okta to access the SURF browser. Until then, Okta treats the user as suspicious (secure first model).
- Increase productivity: Many organizations waste time and money identifying an incident, investigating, and taking appropriate action. With Universal Logout integration between SURF and Okta, SURF will take care of that entire process.
You can achieve the highest level of security and quick response time to a security incident with this partnership between Okta and SURF. Identity Threat Protection with Okta AI and Universal Logout support for SURF Security Browser are Generally Available. You can configure and test the feature now. For more details, visit our documentation center.
Feel free to reach out to your Okta account team for more information on Identity Threat Protection and this new partnership with SURF Security.