Okta’s mission to standardize Identity Security
Identity is under attack. Over 80% of data breaches involve compromised Identity,* the main enterprise security entry point for workforce and consumer applications.
Lack of standardization is a major reason for this. Without a unifying industry standard for Identity Security that provides full visibility into every part of the technology stack, organizations remain vulnerable. That’s why now is the time to fundamentally reevaluate how we think about Identity Security and move to a world where every enterprise app speaks a common language.
IPSIE: An industry game-changer
This year, Okta announced the Secure Identity Commitment — our long-term pledge to lead the industry in the fight against Identity attacks. One way we aim to achieve this is by helping to standardize Identity Security across the industry so we can foster an open ecosystem where people can seamlessly and efficiently build and use enterprise apps that are secure by default.
Okta has made a giant leap forward in this pursuit by leading the formation of a working group within the OpenID Foundation to create the first unified Identity Security standard for enterprise apps, resources, and workloads: Interoperability Profile for Secure Identity in the Enterprise (IPSIE). This open industry standard will enhance the end-to-end security of enterprise SaaS products and provide a framework for SaaS builders to more easily meet evolving enterprise security needs.
IPSIE will bring together an opinionated set of existing and new standards, covering a wide range of proposed use cases, including:
- Single sign-on (SSO) to centralize login, policies, and enforcement (OIDC)
- Lifecycle management to secure user on/offboarding and prevent security risks like orphaned accounts and shadow directories, avoiding unauthorized access (SCIM)
- Entitlements (governance/ privileged access) to enforce least privilege access and move toward zero standing privileges (SCIM)
- Risk signal sharing to get seamless security insights and share them across the entire security ecosystem (CAEP/SSF)
- Session termination and token revocation to immediately terminate all user sessions in response to detected threats
As a result, IPSIE will provide the framework for any enterprise apps to be discoverable and governable and to support SSO, SCIM, and continuous authentication through a variety of use cases.
Enabling choice and security across SaaS — for customers and SaaS builders
Adopting interoperable Identity Security standards enables consistent security outcomes across any SaaS application, ensuring effective measures regardless of which apps an organization uses. A standardized approach to Identity simplifies compliance and reduces integration challenges, promoting flexibility in an organization’s tech stack.
Enterprises gain enhanced end-to-end security across their enterprise apps and SaaS products, including centralized login, secure user lifecycle management, privileged access control, cross-stack security event sharing, and continuous threat response. They simplify integration and management and future-proof their security infrastructure.
And SaaS builders gain a unified framework to meet evolving enterprise security needs and implement robust security features, boosting product appeal. A single Identity Security framework streamlines development and integration, allowing teams to focus on high-impact tasks.
Okta makes it easy to adopt a single Identity Security standard
Okta is committed to making it easy to adopt the new Identity security standard – for those building SaaS applications and for those using them. We are investing in tools and products to make this easier across both Workforce Identity Cloud (WIC) and Customer Identity Cloud (CIC). As a result, CIC will help SaaS apps to be built to this standard, and all WIC customers will be able to integrate with SaaS apps that are secure by default.
This month, Okta is announcing over 125 new Secure Identity Integrations that bring advanced security to some of the biggest SaaS apps, enabling customers to enhance their security and reduce operational burdens by adhering to modern Identity Security standards — from SSO and lifecycle management to Identity automation, security posture visibility, and remediation. The integration will not only benefit Okta WIC customers using the Okta Integration Network (OIN), but CIC customers as well.
Okta has recently released several new capabilities that enhance security and provide ease of implementation for SaaS builders along with CIC and WIC customers. CIC provides an inbound SCIM service that enables the automation of user account provisioning and deprovisioning across multiple systems and apps. The out-of-the-box support for top Identity providers eliminates the need for SaaS builders to develop or self-host any custom endpoints.
Additionally, a Universal Logout service automatically signs employee identities out of SaaS apps managed by CIC when a logout or de-provisioning event occurs in WIC. And soon we’ll offer an express configuration process that allows WIC customers to seamlessly and automatically set up CIC-enabled OIN SaaS integrations by connecting CIC and WIC platforms, eliminating the need to manually enter app instance properties.
We believe the new, single Identity Security standard being created is an industry game-changer. Open and available to everyone, it has the potential to transform enterprise SaaS security. Initiating the IPSIE working group is just one step in Okta’s commitment to elevate our industry and champion customer best practices.
Okta will continue working with third-party standards bodies, Identity providers, and independent software vendors to create open, interoperable standardization across Identity security to benefit all organizations. The larger the ecosystem, the more secure our industry becomes and the closer we are to free everyone to safely use any technology.
Learn more about IPSIE from the OpenID Foundation or find out how developers can get their apps IPSIE-ready with Auth0 tools in our quick start guide. Want to provide feedback or engage in the conversation? Join the Okta Community.
*Verizon 2024 Data Breach Investigations Report, Figure 7
Follow Aaron Parecki
