New ways to implement least privilege with Okta Workforce Identity

In today’s threat landscape it has become clear that to get security right, you have to get Identity right: over 80% of data breaches involve compromised Identity.*

Okta takes a comprehensive approach to modern Identity security, as evidenced by our Secure Identity Commitment. That commitment rests on four pillars, one of which is a promise to provide market-leading secure Identity products and services. We’ve recently introduced a few new features that make good on this promise and offer new ways to enforce least privilege that are easy to adopt and deploy. Check them out below.

Govern Okta Admin Roles

We recognize that Identity-based attacks have moved closer to the critical Identity infrastructure organizations rely on for security. Standing access to sensitive administrator privileges in Okta is a target for malicious actors: an admin role that is always assigned is always available to whoever compromises that account. To help protect against these attacks, we’ve introduced Govern Okta Admin Roles. This new feature helps organizations minimize and monitor standing privilege for Okta admins without impacting productivity. By leveraging governance functionality within Okta Workforce Identity, you’ll be able to use:

  • Access requests to allow organizations to provide time-bound access to Okta admin roles via self-service access requests. 
  • Access certifications to enable organizations to automate ongoing reviews of existing access to Okta admin roles. 
  • Entitlement management to support more granular governance of specific or custom Okta admin roles.
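Minimizing standing privilege only works if you can see which admin grants are still in place. The following script is an added example, not Okta’s code and not part of this announcement: it pairs `user.account.privilege.grant` System Log events with later `user.account.privilege.revoke` events for the same user and role, and flags any grant still open past a maximum standing window (the kind of grant a time-bound access request would have expired). The sample events are constructed and trimmed to the fields used here; the `debugContext.debugData.privilegeGranted` / `privilegeRevoked` field names and the `example.com` org are assumptions to verify against your own org’s events.

```python
"""Flag standing Okta admin privilege from System Log events.

Added example, not Okta's code. Grants are matched with later revokes for
the same (user, privilege) pair; anything left open longer than
MAX_STANDING is reported. Sample events below are constructed and trimmed
to the fields this script reads; the debugData field names are assumptions.
"""
from datetime import datetime, timedelta, timezone

GRANT = "user.account.privilege.grant"
REVOKE = "user.account.privilege.revoke"
MAX_STANDING = timedelta(hours=4)  # policy threshold for this example

# Constructed sample: a hypothetical org on 2024-05-01, evaluated at 14:00 UTC.
NOW = datetime(2024, 5, 1, 14, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    # alice: Super administrator granted at 09:00 and never revoked -> standing
    {"eventType": GRANT, "published": "2024-05-01T09:00:00.000Z",
     "outcome": {"result": "SUCCESS"},
     "target": [{"type": "User", "id": "00u1", "alternateId": "alice@example.com"}],
     "debugContext": {"debugData": {"privilegeGranted": "Super administrator"}}},
    # bob: Help desk admin granted 10:00, revoked 12:00 -> time-bound, fine
    {"eventType": GRANT, "published": "2024-05-01T10:00:00.000Z",
     "outcome": {"result": "SUCCESS"},
     "target": [{"type": "User", "id": "00u2", "alternateId": "bob@example.com"}],
     "debugContext": {"debugData": {"privilegeGranted": "Help desk administrator"}}},
    {"eventType": REVOKE, "published": "2024-05-01T12:00:00.000Z",
     "outcome": {"result": "SUCCESS"},
     "target": [{"type": "User", "id": "00u2", "alternateId": "bob@example.com"}],
     "debugContext": {"debugData": {"privilegeRevoked": "Help desk administrator"}}},
    # carol: Organization administrator granted 13:30 -> open, but inside the window
    {"eventType": GRANT, "published": "2024-05-01T13:30:00.000Z",
     "outcome": {"result": "SUCCESS"},
     "target": [{"type": "User", "id": "00u3", "alternateId": "carol@example.com"}],
     "debugContext": {"debugData": {"privilegeGranted": "Organization administrator"}}},
    # dave: failed grant attempt -> must be ignored, no privilege was assigned
    {"eventType": GRANT, "published": "2024-05-01T08:00:00.000Z",
     "outcome": {"result": "FAILURE"},
     "target": [{"type": "User", "id": "00u4", "alternateId": "dave@example.com"}],
     "debugContext": {"debugData": {"privilegeGranted": "Super administrator"}}},
]


def _ts(published):
    """System Log 'published' is ISO 8601 with a trailing Z."""
    return datetime.fromisoformat(published.replace("Z", "+00:00"))


def _user_target(event):
    """Return (id, login) of the User target, or (None, None) if absent."""
    for target in event.get("target", []):
        if target.get("type") == "User":
            return target.get("id"), target.get("alternateId")
    return None, None


def standing_grants(events, now, max_standing=MAX_STANDING):
    """Return grants still open at `now` for longer than `max_standing`."""
    open_grants = {}  # (user id, privilege) -> grant record
    # Process in time order so a revoke closes the grant that preceded it.
    for event in sorted(events, key=lambda e: e["published"]):
        if event.get("outcome", {}).get("result") != "SUCCESS":
            continue  # a failed grant/revoke changed nothing
        user_id, login = _user_target(event)
        if user_id is None:
            continue
        data = event.get("debugContext", {}).get("debugData", {})
        if event["eventType"] == GRANT:
            privilege = data.get("privilegeGranted")
            open_grants[(user_id, privilege)] = {
                "user": login, "privilege": privilege,
                "granted_at": _ts(event["published"]),
            }
        elif event["eventType"] == REVOKE:
            # A revoke with no matching open grant is ignored, not an error.
            open_grants.pop((user_id, data.get("privilegeRevoked")), None)
    flagged = []
    for grant in open_grants.values():
        age = now - grant["granted_at"]
        if age > max_standing:
            flagged.append({**grant, "age": age})
    flagged.sort(key=lambda g: g["granted_at"])
    return flagged


def report():
    """Run the check over the constructed sample at the sample's NOW."""
    return standing_grants(SAMPLE_EVENTS, NOW)


if __name__ == "__main__":
    for g in report():
        print(f"STANDING {g['privilege']!r} for {g['user']} open {g['age']}")
```

In a real deployment the event list would come from the System Log API filtered on the two event types, and the threshold would match the expiry you configure for time-bound access requests, so that anything the script flags is by definition a grant that bypassed that process.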

Resource Centric Access Request Catalog

Maintaining least-privileged workforce access is a nuanced yet critical component of any organization’s security strategy. This effort becomes even more complex when you factor in managing access across a never-ending list of resources, each with its own entitlements and approval flows. To help streamline this process, Okta has launched the Resource Centric Access Request Catalog as part of Okta Identity Governance. 

This new catalog provides a more integrated experience that allows:

  • Admins to create reusable approval flows, enabling them to assign time-bound resources at scale and reduce manual errors.
  • End users to view a personalized library of accessible applications and request access directly from the Okta end-user dashboard.

The Resource Centric Access Request Catalog helps maintain least privilege at scale while still enabling end users to quickly access the resources they need to do their jobs. It is now generally available for all OIG customers.

Workflow templates for access certifications

Historically, certifications have been used to meet compliance requirements. Building certifications with flexible automation and orchestration lets them also enforce least privilege across critical resources, groups, and highly targeted end users.

By leveraging Okta Workflows to extend and customize the capabilities of Access Certifications within and beyond Okta, you can unlock these new security use cases. To get you started, we’ve created more than 30 Workflows templates that programmatically create:

  • Application Resource Campaigns: target a subset of users, with or without their entitlements, and a variety of reviewers at the application level
  • Group Resource Campaigns: target a subset of users with a variety of reviewers at the group level
  • User Based Campaigns: include applications with or without entitlements and groups for a specific user

Certification campaigns are critical to meeting security and compliance objectives. By extending the power of OIG with these Workflows templates, you’ll be able to review and certify faster and more easily. Get started with these templates here: https://{Okta org name}/app/templates/okta_identity_governance_access_certification_camp

Still need to determine where you land in your Identity maturity journey? Read on here for the steps you need to take to reach your security goals.


*Verizon 2024 Data Breach Investigations Report, Figure 7