Okta Single Sign On (SSO) and Multi-Factor Authentication (MFA)
Okta is a cloud-based Software as a Service company. They primarily offer cloud-based Multi-Factor Authentication (MFA), Single Sign On (SSO), and Identity and Access Management (IAM) services to their customers.
Bomgar Privileged Identity (formerly Lieberman RED IM) enhances the Okta Single Sign On (SSO) service as summarized below.
Okta Password Reset Credential Provider (CP)
Okta provides a self-service password reset capability that allows end users to reset their AD credentials from any browser without admin intervention. Bomgar Privileged Identity's Credential Provider extends Okta by enabling this feature from the Windows desktop login. Our Credential Provider handles the sequence and directs the end user to their corporate Okta single sign-on page.
Bomgar Privileged Identity's MFA application allows Windows users to use Okta Verify Multi-Factor Authentication when logging into target Windows systems. Users are prompted at login for an Okta Verify one-time password, which they retrieve from their smartphones, before they gain access to target Windows systems.
Improves security by prompting for “Something That You Know” (username and password) and “Something That You Have” (Okta Verify one-time password)
Protects against the most common attacks: Phishing, Guessed passwords, Key loggers
Choice of factors: Okta Verifier code, Okta Verifier Push, SMS, Google Authenticator, Security Question, Voice Call
Easy to deploy, easy to use: Flexible policy, Self service configuration
Okta SAML Authentication
Grant Okta users secure and seamless access to sensitive systems, applications and credentials – both on-premises and in the cloud.
SAML authentication provides a secure Single Sign On (SSO) process that lets authenticated users access Bomgar Privileged Identity in the same way they access their other applications. The integrations ensure that only authorized and audited personnel can access the privileged credentials stored in Privileged Identity.
To further enhance the authorization process, Privileged Identity can also process group membership assertions made by the SAML provider or even filter for specific assertions to ensure too much access is not accidentally granted.
Simplified user lifecycle management is another benefit of the SAML authentication integrations. Former employees and contractors lose their access to Privileged Identity when they are cut off from their federated authentication service.