Endpoint

5/23/2018
01:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Okta Launches 'Sign In with Okta,' Business Authentication for App Providers

'Sign in with Okta' is designed to give developers a faster alternative to SAML, simplify single sign-on for IT admins, and help eliminate app passwords for users.

LAS VEGAS  — May 23, 2018 — Okta, Inc. (NASDAQ:OKTA), the leading independent provider of identity for the enterprise, today announced Sign In with Okta, a secure authentication system for app providers and developers that combines the ease of social authentication with the security of enterprise infrastructure. Fuze, OrgWiki, VMware and Zylo are launch partners of Sign In with Okta.

Since 2016, Okta has supported OpenID Connect and today, the company is making it easy for developers to use OpenID Connect as an alternative to SAML. With Sign In with Okta, any app and service can easily add a federated Single Sign-On experience for both their B2B customers and the extended partner, supplier and contractor ecosystem. SSO configuration is made simpler for IT, and users gain access to more applications without the burden of additional usernames and passwords.

“Our partners are increasingly coming to Okta as the central connection to thousands of apps and services – and we wanted to make it easier for those technologies in our ecosystem to offer the best experience possible for our customers,” said Todd McKinnon, Chief Executive Officer and co-founder, Okta. “Sign In with Okta takes the challenge out of building a simple, secure user experience. By accelerating developers’ ability to provide secure access for enterprise users – be they B2B customers, partners, subsidiaries or internal employees – to their app or portal with one simple button, we’re able to extend the benefits of Okta’s simple, identity-driven security to everyone in our ecosystem.”

Rather than going through the process of integrating a SAML toolkit, developers at organizations such as Fuze, OrgWiki, VMware and Zylo are adding the Sign In with Okta button, saving weeks of development time. And by adding Sign In with Okta to their product or portal, developers can accelerate adoption throughout the enterprise both by meeting security standards needed by enterprises and by making it easier for IT administrators to integrate and manage – and end users to get access to – an application via Okta.

In addition, Sign In with Okta makes it easier for an enterprise to connect its business partners, such as suppliers and contractors, to an application by allowing partners to use their Okta organization credentials to sign in; Sign In with Okta allows partners to bring their own identity. With no responsibility for securing the passwords of a partner, enterprises can eliminate the inherent risks of maintaining third-party passwords. Further, a company can forgo building authentication and managing user credentials for their B2B app, saving time and money with Sign In with Okta.

"Okta makes it easy for OrgWiki users to log in with the right account, similar to sign-in tools for social authentication," said Chris van Loben Sels, General Manager, OrgWiki at Veeva Systems. "Our developers were able to quickly implement business authentication into the application, and deliver customers strong security and identity management across all their users."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20031
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2018-20032
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon t...
CVE-2018-20034
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2019-3855
PUBLISHED: 2019-03-21
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3858
PUBLISHED: 2019-03-21
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.