by Rakesh Sharma
Published on 10 August 2011
Sometimes, I wish we were back in simpler times when I had to remember only my email username and password.
Given the increasing amounts of information that we have to deal with, login credentials should be the least of our worries. Unfortunately, the World Wide Web's growth has paralleled an explosion of sensitive and behind-closed-doors information.
I went into a tizzy recently when I forgot my online banking username and password. I tried practically every variation of my personal details; eventually, I had to request a machine-generated impersonal password that was gibberish but, apparently, compliant with their strict password requirements.
This week we will review a product that claims to make things easy. Okta is an online identity management solution that takes care of managing your credentials and access to web-based applications - both in the cloud and behind the firewall. We will review its interface and functionality, and see how it can be of use to you.
The story behind Okta
Okta uses the concept of single sign-on to allow access to multiple web applications by signing in once with a single set of credentials. This means an end user can now access applications such as Google Apps, Salesforce.com, and Concur Solutions using a single username and password. According to Eric Berg, VP of Products at Okta, Salesforce alumni Todd McKinnon and Frederic Kerrest developed Okta to provide a broad platform for IT teams to rapidly deploy and manage applications. After conversations with customers, the founders discovered that single sign-on and user provisioning (creating user accounts and managing user access levels to multiple applications) were a major pain point for customers. They discovered that, in the case of cloud applications, the problem was compounded by the fact that cloud applications are often purchased and managed by business owners instead of IT teams, which results in poor security visibility and control of application access.
Okta was founded in 2009 to plug this gap. The service has seen explosive user growth since launch. "Usage of Okta's 100 percent on-demand service has ramped dramatically to power over one million authentications per month," says Berg.
About user provisioning in Okta
As mentioned earlier, Okta calls itself an identity and access management provider. This means you can add or remove user access to applications. But, that's just the basics. "We offer full user lifecycle management and workflows, complete and actionable reporting, and integrated multi-factor and security access policy capability," says Berg. In simple words, this means you can add, remove, group, report, and set individual policies for each user in the application.
The application takes away the clutter of multiple users, passwords, and access levels to provide a simplified login procedure. The centralized dashboard displays a snapshot of your application and user activity. The people and application panels enable you to manage users and applications. You can control security parameters such as session lifetime and login attempts before lockout using the Security panel.
I was especially impressed with the application's Active Directory integration. "We understand that most customers have Active Directory as their main user repository for authentication. Customers are looking to extend Active Directory to their cloud applications for the purpose of authentication and account provisioning," says Berg. So, Okta comes bundled with an application network, which includes key business applications such as Zoho or Assistly just to name a couple.
You can enable Active Directory login with the application using a downloadable agent. This makes it easier for you to log in to Okta with your Windows username and password. Thus, you don't have to worry about having another username and password.
Despite the convenience and easy-to-manage workflow, I had two questions regarding the solution.
The first (and more important one) was about security. Given that cloud applications require multiple identities from personal (such as Google Apps and Facebook) to business (such as Salesforce.com), is it a good idea to share multiple usernames and passwords with their solution? Berg explains the answer in terms of trust and technology issues. "Active Directory passwords in our system are not stored; instead, we simply do a runtime authentication of the passwords," he explains. He adds that many Okta customers are either public or in highly regulated industries, "so we understand the acute requirement for security integrity."
The other question I had relates to their administration. Can a business expect IT cost cutting in network management when it buys their solution? Yes, says Berg. "Our customers buy us to lower their IT administration cost such as reducing help desk support for password resets; decreasing the time to provision and deprovision user accounts; reducing hardware and software cost; and eliminating custom integration for Active Directory."
The basics: what does it look like?
"We fundamentally believe that 'even' services that include IT users should have the same ease of use you would normally expect in consumer products," says Berg. This belief has translated into a simple and easy-to-use interface. A global navigation enables administrators to move between various features. You can also customize the page appearance and look-and-feel for your organization. Similarly, email templates can be customized for user activation and password reset notifications.
Supporting users: what's that like?
The application has tried an interesting approach to Help links. Instead of a single context-sensitive help, they have installed a help link under each option. While the idea is to remain context-sensitive, I am not sure if this approach serves the purpose. For example, there might be instances when the user might want to know about a different concept (related to that screen). This means that the user would have to navigate back to a different page, thus multiplying the number of steps required to accomplish a task.
Is it for you?
Whether you are a business starting with your first cloud application or an aggressive adopter with multiple cloud applications, if you are concerned with security and ease of access to these applications, then this solution is for you. Costs are minimal but the peace of mind that it brings, in the words of a popular advertisement, is "priceless."