Okta’s New Mobile Device Management Tool Separates Work And Personal Data

Okta, which to this point has been known as a company for managing identity in the cloud, made the leap to mobile device management today, announcing a new product called Okta Mobility Management that provides a simple way to separate work and personal data, giving IT the controls it needs over work content without compromising personal content on the phone.

It’s not a secret that many people are bringing their personal devices to work, and Okta CEO Todd McKinnon told me his customers were asking for a way to protect corporate content on these personal devices without affecting the employee’s personal data.

It’s worth noting that today’s announcement could be partly related to Okta’s purported purchase of SpydrSafe, which TechCrunch’s Ingrid Lunden wrote about last week.

Okta has been about managing identity all along, but if you wanted to use it on a mobile device, you would have to go through a web interface to access your company apps. This wasn’t terribly efficient, and McKinnon said customers were asking for a simple way to get native apps loaded on an employee device, while providing the same single sign-on capability they were getting from a web interface. They also wanted some back-end management tools to give IT control over the business content on the device, while blocking access to any personal content.

McKinnon said one of the things that separates his company from competitors in this space is that they started with the assumption that this was a personal device. He said other mobility management solutions were born at a time when companies owned the device, and he believes this is an important distinction that allowed Okta to create a solution from the ground up for the way today’s employees work.

The way the new solution works is that when an employee brings a device to work, IT gives them a log-in with access to all their business apps. They simply sign in and they see all of their business apps, which are only accessible through the sign-in process. Unlike Samsung Knox or other approaches which create a business and a personal side of the device, this simply creates a business layer you access through Okta.

Should you leave the company or lose your device, all IT has to do is revoke your Okta privileges and presto chango, your work stuff is gone and your personal stuff is left untouched. McKinnon says they deliberately decided to avoid a total device wipe because they didn’t want to give the company that kind of power over what is a personal device.

McKinnon said it wasn’t a huge leap to make the new tool because they had a map of the apps people were using already. What’s more, he said that iOS and Android have made it easier now to separate work and personal content at the operating system level.

Once a person has access to the business apps through Okta, IT can set policies around that access such as requiring a PIN to get on the device, and even set policies about where they can sign in, but they didn’t stop there. Some customers were looking for an even stronger authentication layer beyond the Okta password.

They looked at standard ways of doing two-factor identification where you send a second password code by SMS, but McKinnon said they decided that put too much of a burden on the end user, so they came up with a new way to provide that secondary code that gets pushed to the phone. The user simply touches the new code – nothing to remember or type – and they are authenticated.

It’s a simple but effective way to add a second (or third) layer of authentication on top of a password, which we know by now can be easily compromised. Okta has also exposed this new way of authenticating in the API, so that companies can build it into their in-house apps built outside of the Okta apps catalogue.