Okta’s Identity Cloud Updates Aim To Better Secure Against Credential Theft, Account Takeover

Okta is updating the Adaptive Multi-Factor Authentication capabilities of its Okta Identity Cloud.  The updates aim to help ensure only the proper people get access to the right resources – and at only the appropriate time.

Tags: authentication, cloud, credentials, hacker, identity, multifactor, Okta, security,

With a vast majority of data breaches involving stolen or weak credentials, Okta is updating the Adaptive Multi-Factor Authentication capabilities of its Okta Identity Cloud.


Safeguarding end users has become increasingly difficult in recent years with the proliferation of mobile apps and devices tied to cloud technologies, according to Okta’s chief security officer Yassir Abousselham. As a result, security “starts and ends with authentication,” he said.


In fact, Abousselham makes the case that authentication should be a core focus for IT admins and CISOs looking to secure their diverse and distributed enterprise resources – apps, data and users.  “Identity is now the security team’s last control point because security can’t manage every single person, device and app; what they can control is who has access to information, and when,” he said in a statement.


So, to help IT and security teams manage the complexity of identities and access controls, Okta’s latest update to its cloud-based Okta AMFA adds what Abousselham called “the ability to [let IT admins] make smarter security decisions based on context.”  The new features aim at “helping to ensure the right person gets access to the right resources, at the right time,” he added.


“By using context, Okta AMFA gives the right users access only to the data and application permissions they need, at the right time – easily and securely,” Abousselham added. “Now Okta is applying AMFA to an even broader set of applications, and can now be used for RDP, LDAP, other SSO products, ADFS, custom web apps and RADIUS, resulting in exhaustive coverage of all applications in the Okta Integration Network.”


In specific, Okta Identity Cloud’s AMFA adds these capabilities:

Integrating and securing more than 5,000 applications, IT infrastructure and devices in the Okta Identity Cloud, making creating and maintaining secure credentials easy.


Addition to cloud-based authentication services to further mitigate the risk of data breaches from compromised credentials for every Okta user.


Okta Single Sign-On now includes a simple one-time passcode strong authentication for all users - making two-factor authentication now the standard for everyone that uses Okta.


Because reusing the same password across accounts makes it easier for threat actors to gain access to credentials, Okta is rolling out a compromised password detection feature, which will prevent all Okta users from using commonly used passwords and passwords that were exposed as part of publicly known data breaches.

For instances where more robust security is required, Okta AMFA also provides a comprehensive set of authentication factors and a robust policy framework that supports contextual access management and adaptive, risk-based authentication.


In a company blog post, Eric Berg, Okta’s chief product officer, highlighted some of the challenges of identity-based security:

The scope of what an IT department manages today is changing rapidly. They have to continue to secure and manage their existing on-premises technology while also taking advantage of the cloud to modernize their systems, become more competitive and better serve their users and the business. And the definition of the users that they need to serve has also expanded. Employees are still a critical user population, but in today’s increasingly networked and collaborative business world, IT also has to secure and manage access for contractors, partners, suppliers and contingent workers. The numbers associated with those users are typically much larger and more transient in nature.

Okta’s latest features build on a wide array of security features already available in the Okta Identity Cloud, which was designed from the stat to closely monitors access behaviors over time. The aim has always been to determine when/where potential threats may arise from bad actors with stolen credentials or unauthorized access. 


The Okta Identity Cloud already:

  • Secures authentication with adaptive MFA and contextual access management, federated SSO and login vaulting.
  • Offers access remediation controls, including step-up authentications (as well as out right denial).
  • Provides visibility through a range of on-going activity reports, including on system logs.
  • Can understand potential security threats, by gathering and translating data. This allows Okta to detect and alert on unusual login attempts and other threats.


Berg called out the special benefits that Okta’s cloud-based approach offers to customers looking for such “proactive” and “predictive” secure capability. “Now Okta is sharing that intelligence across the network,” Berg said. “This allows organizations to both manually blacklist IP addresses when being attacked and create a policy-based blacklisting for geographies using information such as country and proxy status,” he added.