Okta and the OpenID Foundation today announced the formation of an
OpenID Foundation working group with Ping Identity, Microsoft, SGNL, and
Beyond Identity as the first step towards establishing a new identity
security standard, the Interoperability Profile for Secure Identity in the Enterprise [IPSIE].
The vision of this new, open standard is to provide a framework for
SaaS companies to enhance the end-to-end security of their products
across every touchpoint of their technology stack.
Why it Matters:
-
Thousands of different applications in the cloud today are built without secure identity.
-
Until now, there has never been a framework for SaaS builders to bring
together new and existing technologies like SSO, risk signal sharing and
session termination.
-
We are already working together with leading SaaS providers to embrace this new standard.
-
Over 50 leading enterprise SaaS apps including Google, Microsoft Office
365, Slack, and Atlassian have already built features and APIs that
support aspects of this future standard.
"Okta is focused on elevating the entire technology industry to be
better protected from attacks. Our goal with IPSIE is to standardize
identity security and help foster an open ecosystem where building and
using enterprise applications that are secure by default is easy for
everyone," said Todd McKinnon, CEO and Co-Founder at Okta. "We are proud
to have led the formation of this working group within the OpenID
Foundation as we work to standardize identity security and make the
world a more secure place."
What's New - Identity Security Standard: Interoperability Profile for Secure Identity in the Enterprise [IPSIE]:
Okta is determined to get security right and in order to get security
right, you need to get identity right. The future of the industry rests
in not just securing identity, but also having a secure identity
standard that is open and available to everyone. Okta's mission has
always been to free everyone to safely use any technology and this
standard is a step closer to making this a reality.
The formation of the IPSIE working group with OpenID Foundation will
enable identity providers, ISVs and public and private sector
organizations to integrate identity security across every facet of their
ecosystem. In addition to the basics of SSO and MFA, IPSIE will enable
organizations to better control governance, entitlements, workflows,
authorization, and continuous authentication to detect risk signals
effectively and take actions to manage their identity security posture.
To support the integration of critical identity security capabilities
into SaaS apps, IPSIE aggregates a set of existing and new standards.
These include:
-
Single Sign-On: Centralize login, policies, and enforcement
-
Lifecycle Management: Secure user on/offboarding and prevent security risks like orphaned accounts and shadow directories to avoid unauthorized access
-
Entitlements (Governance/ Privileged Access): Enforce least privilege access and move toward zero standing privileges
-
Risk Signal Sharing: Seamless security insights sharing across your entire security ecosystem
-
Session Termination: Immediately terminate all user sessions in response to detected threats
By advancing identity security standards and fostering a more open ecosystem, IPSIE empowers organizations to:
-
Gain more complete visibility across the identity threat surface: With
more insights into their identity security, organizations can better
protect themselves against cyber attacks, ensuring the right access is
granted at the right time and enabling real-time responses to breaches.
-
Build secure-by-default SaaS applications more seamlessly and efficiently:
Any app built to the standard will adhere to a higher level of security
by ensuring that it can be governed, manage entitlements, support MFA,
posture management, and real-time universal logout.
-
Drive consistency and flexibility across SaaS: These standards
enable consistent security outcomes across SaaS applications. They also
allow for simplified compliance and reduced integration challenges that
encourage flexibility and choice within an organization's tech stack.
To further encourage the adoption of IPSIE, Okta is taking integration to the next level with:
-
100+ new integrations across top ISVs: Okta has worked with
leading SaaS vendors to build over 125 deep integrations with some of
the most widely adopted enterprise applications, including Google,
Microsoft Office 365, Slack, and Atlassian. These applications support
features which will be included in the standard to better meet the tech
ecosystem and customers where they are today, while providing a
framework to better protect them in the future.
-
Okta Customer Identity Cloud (CIC) will enable every app builder to
easily build their applications to be IPSIE-compliant and secure by
default: Starting with our new free and self-serve plans all the way
to our enterprise plans, developers of any size will be able to use
IPSIE-standard features like SSO, MFA, SCIM and Universal Logout.
What's New - Secure Identity Assessment (SIA):
We know organizations are struggling with identity security debt and how
to manage it as they face a multitude of challenges from ensuring
compliance, reducing operational complexity, and securing their own
infrastructure from breaches.
At Okta, we have a wealth of experience and lessons learned with our
internal security debt management program, and bringing critical
security debt down to zero. We're extending this to our customers with
the Secure Identity Assessment (SIA),
our end-to-end approach to reduce our customers' identity debt by
equipping them with the tools and expertise to identify vulnerabilities
like admin sprawl, improve their identity infrastructure, and adopt the
strongest possible security posture on an ongoing basis.
SIA combines the best of Okta's expert advice with identity security
controls, training, and certifications to help organizations enhance
their overall security posture and lower their identity debt. As part of
SIA, Okta provides customers with an Identity Security Checklist to assess vulnerabilities, an Identity Security Maturity Assessment to track security progress, Okta Expert Assist for guided setup and best practices, and Okta Learning with access to instructor-led training and certifications.
The assessment provides:
-
Comprehensive Identity evaluation: Identify misconfigurations, orphaned accounts, and security gaps with an expert-driven approach.
-
Tailored recommendations: Implement custom remediation plans
based on your org's size, structure, and security needs to address
technical debt efficiently.
-
Proactive risk reduction: Strengthen your security posture and streamline compliance through actionable insights and periodic assessments.
SIA offers a clear roadmap for reducing identity debt and working
towards compliance in a complex regulatory environment. It comes in
three flexible service tiers: Premium, where large customers get comprehensive discovery sessions and in-depth analysis; Advanced,
offering targeted recommendations and partner-assisted discovery
sessions, ideal for mid-sized orgs focused on reducing identity debt;
and Essential, where customers can start with self-paced or
partner-guided assessments using Okta's tools-perfect for smaller teams
or those seeking a scalable solution.