Identity is a critical function for organizations. If you’re the poor soul responsible for the IT systems for a huge corporate, wrangling potentially hundreds of thousands of individuals – employees, contractors and other stakeholders – and ensuring they have the appropriate access to the data and systems they use, is a significant task.

One of the key requirements for an enterprise is to ensure individual access to the different applications they use. In recent years we have seen a slew of vendors step up to help with this take. Companies like OneLogin, Ping Identity, and Okta do a good job of the Single Sign On (SSO) tasks – allowing users to authenticate with a single password and login, and from there to gain access to the disparate systems they need to use.

But once SSO is sorted, there is still the underlying identity plumbing that needs to be reinvented for a cloud-first world. This is where Okta’s identity cloud comes in, attempting to subvert the hugely dominant role that Microsoft’s Active Directory has in the identity world.

Okta’s Identity Cloud is aimed to help IT teams manage employee, customer, partner or contractor access to applications or devices. The new LDAP interface takes this a step further by allowing LDAP-enabled applications to directly authenticate against Okta Universal Directory. In doing so, Okta enables IT teams to authenticate not only applications but also developer tools, databases, or other legacy apps. It also allows them to gradually remove their reliance on on-premises directory systems. By using Okta’s offering as their core directory, they can cover their identity requirement for nearly all of the applications and systems they need to cover. This removes the need for on-prem directories and empowers organizations to go 100 percent native cloud and mobile.

Eric Berg, Okta’s Chief Product Officer puts the case for why this is a necessary move:

Since day one at Okta, we have been focused on delivering an identity service that helps IT teams manage and secure access in a constantly changing world. Initially those access challenges were about connecting employees to cloud applications from a web browser – but the breadth and depth of those challenges has expanded dramatically.

Today IT has to think about employees accessing application from any device – be it company-owned or BYOD. Beyond employees, they also need to provide secure, seamless access for contractors, partners and contingent workers in an ever more collaborative business environment. And as companies everywhere pursue an API strategy as they are transforming their business, IT also has to transform and provide secure, seamless access to those APIs for developers within and outside of their organization.

Traditional identity products have not been able to keep up with this expanded IT agenda – their answer has been to acquire point product after point product, resulting in sprawling product portfolios and less customer value. The Okta Identity Cloud has and will continue to keep pace with the ever-changing identity needs of Enterprise IT.

Deeper integrations and broadening identity touchpoints

With this release, Okta has expanded and deepened the set of integrations that it connects to in order to cover more of its customers’ core requirements. From network security, with partners such as Cisco and Palo Alto Networks, to security analytics, with partners such as IBM QRadar, Rapid7, and Splunk – Okta is building a broader ecosystem of partners.

Okta is also extending its offering with self-service registration and lifecycle policies that enable IT to automate access for external users such as customers or partners, from registration to audit. In a world increasingly reliant on external consultants and contractors, and less looking to rigid employment structures, this move answers a real need. The new registration flow enables IT teams to automate access across the lifecycle – from onboarding through offboarding – for external users where an identity is not mastered from a directory, HR, CRM or partner system.

Success for the cloud-only customers. But does this translate?

Okta customer Vivint Solar has embraced a cloud-only model for its largely mobile workforce of 4,500 employees. As such, Vivint has no legacy infrastructure, services or software to worry about and is hence free to make product decisions without constraints. As a greenfield prospect, it is perhaps unsurprising that Vivint went with a cloud identity vendor to match their other service.

While Vivint is a great case study and certainly makes a good point about identity products for companies that are “all in” with the cloud, this doesn’t necessarily translate to organizations with legacy services to consider. I’d like to see Okta front foot a customer that is covering all of their identity needs – both on-premises and cloud – with Okta’s cloud identity product.

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

Leave a Reply