Endpoint

5/23/2018
01:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Okta Launches 'Sign In with Okta,' Business Authentication for App Providers

'Sign in with Okta' is designed to give developers a faster alternative to SAML, simplify single sign-on for IT admins, and help eliminate app passwords for users.

LAS VEGAS  — May 23, 2018 — Okta, Inc. (NASDAQ:OKTA), the leading independent provider of identity for the enterprise, today announced Sign In with Okta, a secure authentication system for app providers and developers that combines the ease of social authentication with the security of enterprise infrastructure. Fuze, OrgWiki, VMware and Zylo are launch partners of Sign In with Okta.

Since 2016, Okta has supported OpenID Connect and today, the company is making it easy for developers to use OpenID Connect as an alternative to SAML. With Sign In with Okta, any app and service can easily add a federated Single Sign-On experience for both their B2B customers and the extended partner, supplier and contractor ecosystem. SSO configuration is made simpler for IT, and users gain access to more applications without the burden of additional usernames and passwords.

“Our partners are increasingly coming to Okta as the central connection to thousands of apps and services – and we wanted to make it easier for those technologies in our ecosystem to offer the best experience possible for our customers,” said Todd McKinnon, Chief Executive Officer and co-founder, Okta. “Sign In with Okta takes the challenge out of building a simple, secure user experience. By accelerating developers’ ability to provide secure access for enterprise users – be they B2B customers, partners, subsidiaries or internal employees – to their app or portal with one simple button, we’re able to extend the benefits of Okta’s simple, identity-driven security to everyone in our ecosystem.”

Rather than going through the process of integrating a SAML toolkit, developers at organizations such as Fuze, OrgWiki, VMware and Zylo are adding the Sign In with Okta button, saving weeks of development time. And by adding Sign In with Okta to their product or portal, developers can accelerate adoption throughout the enterprise both by meeting security standards needed by enterprises and by making it easier for IT administrators to integrate and manage – and end users to get access to – an application via Okta.

In addition, Sign In with Okta makes it easier for an enterprise to connect its business partners, such as suppliers and contractors, to an application by allowing partners to use their Okta organization credentials to sign in; Sign In with Okta allows partners to bring their own identity. With no responsibility for securing the passwords of a partner, enterprises can eliminate the inherent risks of maintaining third-party passwords. Further, a company can forgo building authentication and managing user credentials for their B2B app, saving time and money with Sign In with Okta.

"Okta makes it easy for OrgWiki users to log in with the right account, similar to sign-in tools for social authentication," said Chris van Loben Sels, General Manager, OrgWiki at Veeva Systems. "Our developers were able to quickly implement business authentication into the application, and deliver customers strong security and identity management across all their users."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.