Okta is making big investments in on-premises identity
Okta is also working to bring more context into access decisions.
Last week in San Francisco, Okta held a half-day event called Okta Showcase. It was billed as a combination of their internal product launch events and a miniature version of Oktane, their yearly conference, and it was pretty well done.
It’s been six months since Oktane 2019, so it’s a good time to check in on their strategy and product updates.
Okta’s push on premises
Okta announced the Okta Access Gateway for on-premises apps back at Oktane, and now it’s clear that this is a pretty major investment and part of their strategy. It will be generally available on November 1.
The Okta Access Gateway can be installed on premises or in the cloud infrastructure-as-a-service of your choice, and it supports apps that use header-based, Kerberos, or URL-based authorization. Access can be managed down to the URL level, so it can be used to control functionality within apps, as well.
On the other side, it’s integrated with Okta’s core cloud-based identity platform, so it can take advantage of all of the policies, authentication mechanisms, workflows, and integrations that customers already have set up. You can read about it in Okta’s docs, which are publicly accessible.
Rather than partnering with or acquiring some sort of on-premises web access management process, Okta is hoping that their customers will appreciate extending a cloud product back to on-prem environments, instead of the other way around.
Indeed, this is a big checkbox for Okta customers, as it will enable them to unify more of their apps under a single access management strategy.
Security context integration
Like just about everyone else in the EUC space, another one of Okta’s priorities is bringing more contextual data into access decisions, through integrations with third-party security products, unified endpoint management platforms, and so on.
The challenge is that all these integrations can be a lot of work. This goes beyond just federated identity; instead Okta has to take in richer data, often via custom APIs, and then make sure it’s useful for access decisions.
I asked Okta’s new chief product officer, Diya Jolly, about their strategy here. She pointed out that Okta already has a huge catalogue of integrations that they’ll lean on, and that the network effect will be an incentive, as well.
Many of the apps in their catalogue are business applications, not security services, but either way, Okta’s mindshare in the space, combined with the network effect, should put them in a good place.
In other news last week, Okta announced two new capabilities under the umbrella of its SecurityInsights features.
First, there’s HealthInsight, which looks at your environment and recommends policies to turn on. Then there’s UserInsight, which allows users to report suspicious behavior. For example, if they get one of those emails that says, “You just logged on from a new location. Was that you?” they can report is if it wasn’t them.
Okta also announced new scaling capabilities for customer-facing identity. Under DynamicScale, customers can handle 500,000 authentications per minute.
Farther out roadmap
One of the most interesting sessions actually came back at Oktane, when Okta presented their near-term (next 24 months) and long-term (more than 24 months out) roadmap. (Click on the Closing Keynote video here.) Among other things, there was talk of creating what sounds like a social identity provider, but for the enterprise, as well as farther out, a social identity provider aimed at consumers. Overall, there’s a lot to keep an eye on here.