Application Entitlement

Individual Okta employees are entitled to a personalized suite of applications based upon their employment status, functional assignments and working locations. Common collaboration tools such as Office365, Box and Zoom are provided to all employees and are referred to as Birthright applications. Specialized apps that are uniquely associated with an employee’s job responsibilities are considered to be Functional applications. Finally, cloud-based services that support operations within specific geographic regions are referred to as Location applications.

This diagram illustrates both the commonality and diversity of apps assigned to Marketing, Finance and Engineering employees in the United States. Note that this diagram is only a partial portrayal of the apps used by employees in these functions.

[Diagram: USA Apps. Labels: Birthright Apps, Functional Apps]

Functional and Location entitlement privileges are defined by an employee’s cost center and work location, respectively. These privileges are activated on an employee’s first day on the job, using Okta’s Lifecycle Management service. The success of this process is measured by the number of application access requests submitted to the IT Service Desk by new employees during their first 60 days on the job. On average, new employees typically submit only one request for such additional privileges.

To protect our corporate data and manage our software licenses prudently, access privileges to any application are suspended if they go unused for 90 consecutive days. They are terminated altogether on an individual’s last day of employment.

Enhanced access privileges allow selected users to view sensitive information, configure aspects of an individual application, and administer the access privileges of others. Enhanced access is enabled by establishing multiple user groups for individual applications.

Single Sign-On Access

Many companies employ credentials stored in Microsoft Active Directory (AD) as an authentication mechanism. We exclusively use Okta’s Universal Directory as our identity credential store and consequently make no use of Microsoft AD in authenticating employee identities.

Multiple authentication methods are employed to expose cloud-based applications to Okta's Single Sign-On (SSO) service, as illustrated in the table below.

Number of Current Applications | SSO Authentication Method
97 | SAML (Security Assertion Markup Language): An internationally recognized standard for exchanging authentication information between security domains, specifically between Okta and individual applications.
192 | SWA (Secure Web Authentication): An Okta-developed protocol that associates encrypted user credentials with user-specific private keys. When a user clicks an application icon, Okta securely posts the user credential to the application login page via SSL.
18 | Bookmarks: A URL link to an existing application or a portion of an application, for example a frequently used wiki.