Challenges of Identity and Mobility for Office 365

Okta and Slalom Consulting have extensive experience with a wide range of Microsoft technologies and services. Rick and Daniel have been advising clients on Microsoft strategy for years and Simon works closely with Okta’s Microsoft account teams to make sure Okta’s technology works effectively for Office 365 customers. At the start of the year, Ed Sawma (who also works on Okta’s product team) blogged about the skyrocketing demand from customers using Okta for Office 365 and recently published another post highlighting some of the identity and mobility challenges of moving to Office 365. It became clear to us that customers would be interested in further discussion into this topic, including examining the pros and cons of using the out of the box tools from Microsoft, which is what we’d like to do today. [Read more…]

Let’s (Finally) Say Goodbye to Passwords

Finding the right authentication technology can be challenging. Companies strive for a solution that achieves the lowest risk of unauthorized access to their businesses’ data, be that in the form of sensitive GDPR- and HIPAA-protected information or highly-confidential collateral stored in globally-distributed databases, without encumbering the end user. With threat actors targeting the weakest points of a company’s security — their people — this means investing in technologies that replace passwords with stronger, simpler user authentication. [Read more…]

Making the Multi-factor Authentication Transition

As business operations move to the cloud, companies are increasingly switching to Multi-Factor Authentication (MFA) to secure their applications. After all, when business can be done from anywhere, and employees may need hundreds of different digital tools and services, security is a major concern.

With new software comes new practices, and it’s critical to roll things out in a way that makes life easy for end-users. This is where User Access Management is key. Sysadmins must have a reliable plan for giving users access to the tools they need when they need them. That includes external applications, network apps, permissions, and other company security requirements. Keep these points in mind when you’re setting up:

Not everyone needs access to every app

If an employee has access to too many apps they don’t use, they may feel overwhelmed or find that it’s harder to locate the tools they need on a daily basis. Consider your smartphone: if you have hundreds of apps you don’t use, it takes ages to look through them all to find the ones you do. Save your scrolling for Twitter. At work, you should be able to find what you need quickly.

Only give users access to the apps they actually need. You can easily add more access as new needs develop, but avoid permissions creep. You can do that quickly and simply with batch provisioning.

Consider how your employees work

 

With Adaptive MFA, you have plenty of options for how to authenticate identity. That means you can choose the methods that will be quickest, easiest and most secure for the employees using them. Does your team do a lot of work on the road? They can verify their identity from their smartphone with Okta Verify with Pushor OTP (one-time password), SMS, or voice. Do they always work from the office? Location-based authentication services can tell they’re in the building, and grant access to the apps they need.

The key is to choose a service that can adapt to your users’ needs. MFA isn’t one-size-fits-all—in most organizations, every employee will have their own workflows and preferences. 2FA can cause problems when authentication methods are too rigid, and employees get locked out of their apps. Nobody likes delays and lost productivity.

Batches are your friend

When you’re getting set up, group your users in a way that makes sense for access. That way it’s easy to manage security requirements for entire departments or levels of seniority, instead of having to set people up one by one, or come up with one method that sort of works for everyone. So you may want to require voice authentication for senior leadership or other employees with access to confidential data but stick to security questions for contractors who only have access to one or two apps.

Batching has plenty of benefits beyond MFA. When your users are grouped, provisioning and deprovisioning is a breeze. Just hired someone new in HR? Add them to the HR group and they’ll have all the apps they need. No more painstakingly giving them access to individual programs, and fielding requests for new things they just found out they don’t have.

And it’s not just new employees who need new tools. Does everyone in customer support now need access to Salesforce? No problem. When you’ve grouped them, you can give everyone access in minutes. It’s like when your entire extended family bypassed the line at Splash Mountain because your Aunt Joan sprung for the FastPass+.

The benefits of User Access Management and Adaptive MFA

Some businesses are unsure about MFA because they think it’s impossible to have both sign-on convenience and privacy. That’s where the importance of adaptive multi-factor authentication comes in. Instead of requiring the same types of authentication (which causes problems if, say, a phone gets lost or damaged), Okta can adapt to changing circumstances and verify identity-based on a wide range of factors. With the right tools at hand and a strategy for user access management, you can have both convenience and privacy.

Be safe, be accessible, be better. Learn more about what Okta’s Adaptive MFA can do for your team.

This article was originally published here.