Enterprise identity provider Okta is launching a new set of contextual access management capabilities that will allow businesses to eliminate passwords.
New Adaptive Single Sign-On (SSO) and enhanced Adaptive Multi-Factor Authentication (MFA) products allow decisions based on signals such as device, IP and geolocation context for smarter, more secure identity and access management.
“The best password is no password at all. Today’s threat actors are targeting the weakest point of your company’s security — your people — and too many are successfully compromising their accounts due to poor or stolen passwords,” says Todd McKinnon, CEO and co-founder of Okta. “Over the past few years, we’ve invested heavily in new security and authorization technologies that provide the right level of protection for the many apps and services an organization uses today, which can vary by company, by app, by user, and by scenario. Now we’re using those signals across a user’s login context to improve an organization’s ability to set stronger access controls and make faster, more intelligent decisions when there may be a concern — and allow companies to replace the password with stronger, simpler authentication.”
Companies can set contextual access policies both for people within the enterprise and in their digital products for customers. For example, if a user attempts to authenticate from a recognized IP address, on a known device and on the company’s corporate network, they would be considered ‘high assurance’ — and the user would not be required to enter a password in order to log in. Instead, the user would be prompted for an alternate factor, such as Okta Verify Push.
On the other hand, if the user attempts to authenticate from an unmanaged (though known) device but in a new location, the user would be considered ‘moderate assurance’ and be prompted both for a security question and a second factor. If access is attempted from an unmanaged and unknown device and from a connection with a high threat level, the user would be considered ‘low assurance’ and Okta would disallow access.
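The three scenarios above can be read as an ordered rule table. The sketch below is an added illustration, not Okta's code or API: the field names, factor labels, the high-threat guard on the allow rules and the fail-closed result for signal combinations the article does not describe are all assumptions.

```python
from dataclasses import dataclass
from typing import Tuple

@dataclass(frozen=True)
class LoginContext:          # hypothetical signal set, named after the article's wording
    known_ip: bool
    known_device: bool
    managed_device: bool
    on_corporate_network: bool
    new_location: bool
    high_threat: bool

@dataclass(frozen=True)
class Decision:
    assurance: str
    allow: bool
    factors: Tuple[str, ...]

# Rules are checked in order; the deny rule comes first so an allow rule can never mask it.
RULES = [
    # 'low assurance': unmanaged and unknown device on a high-threat connection -> no access
    (lambda c: not c.managed_device and not c.known_device and c.high_threat,
     Decision("low", False, ())),
    # 'high assurance': recognized IP, known device, corporate network -> no password, push only
    # (assumption: a high-threat signal disqualifies this tier)
    (lambda c: c.known_ip and c.known_device and c.on_corporate_network and not c.high_threat,
     Decision("high", True, ("okta_verify_push",))),
    # 'moderate assurance': known but unmanaged device in a new location -> two prompts
    # (assumption: a high-threat signal disqualifies this tier)
    (lambda c: c.known_device and not c.managed_device and c.new_location and not c.high_threat,
     Decision("moderate", True, ("security_question", "second_factor"))),
]

def evaluate(ctx: LoginContext) -> Decision:
    """Return the first matching decision; fail closed when no scenario matches."""
    for predicate, decision in RULES:
        if predicate(ctx):
            return decision
    # Assumption: combinations outside the three described scenarios are denied.
    return Decision("unclassified", False, ())

if __name__ == "__main__":
    # Constructed sample contexts, one per scenario plus one the article leaves open.
    samples = {
        "office laptop": LoginContext(True, True, True, True, False, False),
        "personal phone, travelling": LoginContext(False, True, False, False, True, False),
        "unknown device, risky network": LoginContext(False, False, False, False, True, True),
        "managed laptop, home network": LoginContext(False, True, True, False, False, False),
    }
    for name, ctx in samples.items():
        print(f"{name}: {evaluate(ctx)}")
```

The last sample shows why the default matters: six boolean signals give 64 combinations, and the three described scenarios cover only a few of them.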