Unlike most of the other multifactor authentication (MFA) products, Okta Adaptive MFA is an MFA tool within the Okta Platform ecosystem that stems from single sign-on. Okta Adaptive MFA is worth considering by companies looking to implement cloud-based security.
How is Okta Adaptive MFA adaptive?
Okta Adaptive MFA features risk-based authentication that uses contextual access policies. Based on a user’s location, IP address or device, Okta Adaptive MFA is able to provide the right step-up authentication factor to provide the user with secure access. Admins can define the types of factors users need for access based on their role in the company.
Among other authentication methods, Okta’s MFA product supports push-based and soft token authentication. Through a partnership with Yubico, users also have the option of hard token authentication with YubiKeys.
As a multifactor authentication tool, Okta Adaptive MFA uses the Okta Verify app to add security measures to standard username/password logins to a variety of servers and services, using biometrics and smartphones to prevent unauthorized logins, even when passwords have been compromised.
It is an appropriate software tool for midlevel and large enterprises, especially those that want to make use of a variety of external software as a service (SaaS) products. The Okta Verify app is available for iOS, Windows Phone and Android.
Okta Adaptive MFA pricing
Okta is one of the few multifactor authentication vendors that actually offers simple pricing on a per user, per month basis. It takes the pricing calculations from advanced multivariate calculus down to simple multiplication.
Okta Adaptive MFA is $3 per user, per month and offers text messages, Okta Verify push notifications (with Touch ID), voice recognition, universal second-factor authentication, and it supports cloud and on-premises apps and VPN. For an additional $3 per user, per month, organizations can purchase the Advanced Policy, which offers geolocation, IP reputation and IP zone functionalities. The Advanced Policy has a $1,500 per-year contract minimum and businesses are billed annually.
Okta Adaptive MFA management and administration
Okta has a unique feature called Just In Time provisioning that isn’t found in other multifactor authentication tools. This means customers can import all of their Active Directory (AD) accounts and set things up so that, when end users are ready to start using Okta’s single sign-on (SSO) component, Verify will try to authenticate them with their AD logins and create their accounts on the fly. This can be useful for businesses that are turning on SSO for a large population all at once.
Okta Adaptive MFA supports strong authentication across more than 3,000 web and SaaS applications, and can integrate to RADIUS and AD logins, as well. To provide layers of security to companies’ custom-built apps, Okta has an extensible integration available to developers that enables them to adjust their apps’ code.
However, Okta Verify is able to support two AD connectors to the same directory store for redundancy, in case one connection fails. This is an example of how Okta’s focus is in the cloud, where links can go down and, therefore, require a backup.
When customers set these connections up, they are read-only. It is easy enough to quickly turn on two-way synchronization when needed, however. That way, IT managers don’t need to maintain both directory copies at all times.
Verify’s biggest downfall is in how poorly it recovers from errors in the configuration process. Once an app is configured, admins can’t actually delete it — they can only deactivate it. If an app hasn’t been set up properly, this can give IT fits.
In keeping with the rest of the product, reports are very graphical, and they show Okta customers the last month’s worth of app usage and suspicious activities, as well as how many users have never signed into the system. Other reports include which users have failed their logins.
There are clear workflow diagrams showing users what they need to do to finish tasks, and separate tabs for setting up apps and users and running reports. This is one of the product’s best features.
Okta Adaptive MFA documentation
Unlike some other multifactor authentication solutions, Okta’s documentation is excellent, with plenty of screencast videos demonstrating how to set things up. Again, this shows Okta’s heritage as a cloud-based security company, where experiential learning using videos is prevalent.
Okta Adaptive MFA is a solid multifactor authentication tool. If an organization is using numerous SaaS-based apps and wants to solve the issues of delivering stronger passwords and authentication that’s unique across a wide variety of services, this product should receive serious consideration.