Okta Beefs Up Multi-Factor Authentication

Okta, the company best known for cloud identity management, is introducing a new level of multi-factor authentication (MFA) that it is calling Adaptive MFA. It uses intelligence and a rules engine to determine when it’s prudent to ask for a second form of identification.

By now we have all heard about the growing list of high profile breaches over the last 12-18 months. Just the other day partly in response to this, I wrote a post called Kill The Password. Okta doesn’t necessarily want to kill it, but it wants to make it much more difficult for hackers who steal passwords to use them to get to sensitive enterprise data.

If the system senses for whatever reason, that this is not a typical way of accessing the company’s sensitive data, it will ask the user for a second form of identification. This could be a code it sends to your smartphone, your fingerprint or a Yubikey, depending on the company and its requirements. The idea is to provide a number of options and let the customer decide how to implement the MFA system.

The trouble with traditional forms of MFA is that they tended to be in the hands of a select few road warriors and executives who needed access to the company applications from the road. Today, with the cloud, everyone has access and that requires a new way of looking at the problem, Eric Berg, chief product officer at Okta explained.

“You can no longer solve for a small number of users. You need this capability everywhere,” he said.

That led Okta to take what had been a feature within the Okta product set and make it a much more powerful stand-alone product.  The new product includes the ability to set rules when a user must use a second factor after entering a user name and password.

The conditions on when that happens depends on the rules, but it doesn’t depend on humans alone. It also heuristically understands over time what is normal behavior, and may ask for a second factor, even when the rules engine didn’t explicitly require it. There are certain conditions you can’t create a policy for, and the system will try to fill those gaps intelligently.

Okta works with both on-prem and cloud applications, so it can integrate into a mixed environment, and even if the customer is using VPN, work as a part of that existing system, Berg explained.

Just this week Okta announced a $75 million funding round and joined the ranks of the Unicorns with a valuation of just under $2 billion. The company has been around since 2009 and has raised $230 million with this week’s round.