The GRC Podcast’s Post

I’m more worried about the likelihood and impact of jacked up Okta configurations in my company’s own app instance than I am about Okta, the company, being breached (and given their recent track record, that’s saying something) You use a vendor, you assume the risk. - If a vendor directly impacts your revenue, have a back up plan. - If a vendor stores critical data, determine how to limit blast radius during implementation. - If a vendor gives you concerns, redline contracts or pick someone else.

For folks who uses okta this could be an interesting case to use when you have externals( can apply for internals equally well btw ) that needs to access some servers in your environment on not so frequent basis (example a pen tester or a customer external auditor) since it can create a local account just in time for that session and removes when it finished For Okta I think there are some interesting scenarios where integration with zscaler private access can make this a complete and nicer solution it’s worth having a look( think about it as an alternative for bastion for some customers who wants to keep using zscaler app connectors) Docs by okta : https://lnkd.in/e9RGXqBU Nice explanation by iamse blog: https://lnkd.in/es9rSHTN

#techtiptuesday | The Okta post-mortem shines the light on something I recommend to folks in general: First, don't sign into personal accounts on a work PC browser if you have any sort of privelaged access. Even if you don't have admin, and really must use / view personal content - I'd recommend using profiles in Edge or Chrome to separate the access and stored information. Both support this, and is a good way to prevent crossover of accounts/history and so-on. Chrome Support Guide: https://lnkd.in/euuDnG8v

New toy: a tool for two people who don't a-priori know one another, inside an org, to authenticate one another over a phone call. Just hang this behind an authentication system like ADFS, Okta or whatever. https://lnkd.in/gu5JWHCE Can be used by help desks but really for any context in a medium to large organization where people need to collaborate with new 'insider' partners.

If you are an Okta customer that is not yet on Okta Identity Engine, this webinar is for you

𝐏𝐫𝐨𝐭𝐞𝐜𝐭 𝐲𝐨𝐮𝐫 𝐚𝐩𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬 𝐚𝐧𝐝 𝐬𝐞𝐫𝐯𝐢𝐜𝐞𝐬 𝐰𝐢𝐭𝐡 𝐢𝐝𝐞𝐧𝐭𝐢𝐭𝐲 𝐩𝐫𝐨𝐯𝐢𝐝𝐞𝐫 𝐬𝐞𝐫𝐯𝐢𝐜𝐞 𝐛𝐚𝐬𝐞𝐝 𝐨𝐧 𝐭𝐡𝐞 𝐎𝐩𝐞𝐧𝐈𝐃 𝐂𝐨𝐧𝐧𝐞𝐜𝐭 𝐰𝐢𝐭𝐡 𝐈𝐝𝐞𝐧𝐭𝐢𝐭𝐲 𝐅𝐞𝐝𝐞𝐫𝐚𝐭𝐢𝐨𝐧𝐬 (𝐁2𝐁-𝐩𝐚𝐫𝐭𝐧𝐞𝐫𝐬): Your solution is a 'family' of services and applications in the B2B model. Your partners have their identity provider—modern services like Entra ID, Octa, Auth0, and AWS Cognito. Based on OpenID Connect and identity federation with partners, we decided to use JWT, an Access token issued by our identity provider service, to protect our services. The easiest way to do this is to build flow like in the picture below: - user is authenticated via the partner identity provider (federation) - all accounts are protected with the expected security level by the organisation (MFA, Conditional Access, FIDO2, etc.) - based on the organisation idToken with the Admin API/SDK, we can issue|generate the expected JWT tokens for the user - applications and services are protected/connected with one central identity provider Requirements/limitations: - The described flow is based on the OpenID Connect. - The Web Browser (Chrome, Firefox, Safari) is needed to authenticate the user. - The partner identity provider secures accounts, - No additional MFA is required. If needed, the process should be extended as a multi-step process. #IdentityManagement #AWS #Cognito #AzureADB2C #Okta #auth0 #b2b #IdentityFederation

For Indeed, the decision to migrate from Auth0 to WorkOS came down to three factors: ▶ Admin Portal would streamline the customer onboarding flow into just a few, self-serve steps, saving the team hours of engineering involvement. ▶ Consolidating to a single provider that could support both SSO and SCIM provisioning would effectively reduce operational burden. ▶ WorkOS provided connections-based pricing that would scale more transparently. Learn more in our latest case study: https://lnkd.in/ezWVpp48

🚀 Unlock the secrets to AppExchange success with our Ultimate Guide!📖 From signing up as a partner to navigating security reviews, we've got you covered every step of the way.🏁 👉 Check out our latest blog for insider tips and essential checkpoints on your ISV journey💯 https://lnkd.in/g6CEQrjj #AppExchange #SalesforceSuccess #ISVPartner

Did you know? Passkeys are available as a feature on all Auth0 by Okta plans — even the free ones! This means that if you want to familiarize yourself with passkeys and their user experience, you can set up a free tenant and add passkey-enabled authentication to your applications at no cost.