What is our primary use case?
SSO and MFA: To extend Identity Authentication on the existing IAM identity and account operations to the multiple domains for administrative and help desk personnel. Improve consistency of the identity management processes across the organization and improve compliance with governance mandates.
The access management with Okta revolves around the establishment of a single authentication store (reducing the number of accounts), which will allow the migration of existing applications to federations, or a common identity store. It will also establish a suite of centralized authentication services that can be used for future applications and systems platforms.
How has it helped my organization?
- Enabled MFA to access federated applications as well as increased user satisfaction through improved provisioning times and more reliable processes.
- Reduced costs associated with paying for AD accounts for customers who use corporate applications (currently 4000+ customer IDs exist within the AD forest – these require a license at a substantial cost to the organization).
- Increased productivity through centralization of IAM Authentication - Authorization operations to a single tool (ISIM), and better operational resiliency with distributed administration (common tasks can now be handled by a more diverse set of individuals across the organization).
What is most valuable?
SSO and MFA for improved end-user experience, and protection against password spray attacks, account password self-service. Extend Identity Authentication and authorization management operations. Extend the existing IAM identity and account operations to divisional administrative and help desk personnel. This improves the consistency of the identity management processes across the organization. Obfuscating the AD account infrastructure from the application infrastructure to reduce risk and vulnerabilities associated with tying externally facing applications to corporate accounts.
What needs improvement?
- Passwordless authentication.
- Integration with the user provisioning infrastructure to track all entitlement changes; simplify the modeling of the role and access definitions at every stage of the user life cycle.
- Automation of the entire entitlement and role review process, in alignment with business needs and requirements as stated by business leaders and managers.
- Oversight in the form of dashboards reconciling and centralizing information for immediate insight into the status of access reviews and certification processes.
For how long have I used the solution?
How are customer service and technical support?
Which solution did I use previously and why did I switch?
I did not have another access management solution in place prior to implementing.
How was the initial setup?
It was straightforward for access management with SSO and MFA. It was complex to implement password synchronization between AD domains.
What about the implementation team?
We implemented directly with the solutions provider.
Which other solutions did I evaluate?
We evaluated IBM Access Manager but decided to go with a cloud-based product.
Which deployment model are you using for this solution?