Recently, Okta® announced their new Advanced Server Access management solution. Playing in the privileged access management (PAM) space for the first time, this Okta SSH key management-like offering is aimed at helping developers and operations personnel with logging into their Windows® and Linux® server infrastructure. One desired effect of this new release is that Okta and AWS® could end up working well together—but, is that really the best approach for privileged identity management?
Okta’s Market Extension Strategy
Let’s step back for a moment to understand the thought process for why Okta is cozying up to those customers leveraging AWS. Historically, Okta has been staying in the lane of web application single sign-on (SSO). The space, also called IDaaS by analysts and pundits, has become a critical part of the larger identity and access management (IAM) world. Why? Like peanut butter and jelly, the ease-of-use of SSO functionality for end users compliments the IT security benefits of IAM.
As Okta continues to go up market and focuses on catering to the largest enterprises in the world, there is little doubt that they will expand their wings in the identity management space. Previously, Okta dove into the two-factor authentication space (2FA) with their adaptive MFA solution, but this area remains highly competitive with Duo and Yubico available among others. Another area that Okta has picked up traction is in the developer space with a user management system for customer-facing web applications and mobile apps. The core competitor here? Azure® Active Directory®, B2C.
More Add-Ons, Same Core Directory Service
Okta’s Advanced Server Access solutions seem to be taking another step towards market expansion by targeting the privileged access management market. For many large enterprises, a PAM solution has been a standard protocol for extending Active Directory to servers and network infrastructure. Many IT organizations have leveraged solutions such as BeyondTrust, which Okta’s server access solution seemingly competes against.
Considering the untapped revenue at stake, it certainly appears that Okta’s goal here is to lure in DevOps organizations managing AWS servers and other cloud servers. Traditionally, this group has leveraged OpenLDAP™ and configuration management automation solutions such as Chef, Ansible, Salt, and Puppet. However, the hidden challenge lurking underneath all of these approaches, including Okta’s, is that there still remains a general requirement to integrate with the core directory service. More often than not, that core directory service is Microsoft’s aging Active Directory (AD). Why is this a problem? Well, Active Directory wasn’t built to support a cloud-forward, heterogenous workplace, and tends to struggle with non-Windows, cloud-based resources.
As IT organizations seek to harness cloud benefits and continue shifting away from on-prem identity management infrastructure (such as AD), a solution combining Okta and AWS still struggles to suffice because it doesn’t solve the fundamental issue of replacing the core directory service, AD. Furthermore, it doesn’t manage the SSH keys that AWS requires. So what are we looking at here? More add-ons and still the same issues with Active Directory:
- Friction with Mac & Linux systems
- Complex configuration and management
- On-prem hardware required
- High initial cost for servers and maintenance
- Limited connectivity with cloud apps & infrastructure
Alternative: All-Inclusive Cloud Directory Service
The good news is that there are some other options available, so you don’t have to daisy chain AD + Okta + AWS + whatever else you need. One recent alternative that’s simplifying the whole process of identity and access management is a next-generation cloud directory service. This approach combines the identity provider (IdP) with web application single sign-on and privileged access management to on-prem and cloud servers, such as AWS. This way, you get a centralized solution that’s agile, easy to manage, and all-inclusive.
One of the best things about Directory-as-a-Service® is that you can dive in and explore the platform for up to 10 users at no cost. You’re free to try out the functionality and get a feel for how it all works together before making any kind of commitment. Another option is to request a demo, and let one of our product experts show you the ropes. We’re happy to answer any further questions you have, whether it’s regarding Okta and AWS, privileged access management, or specifics of managing your IT environment.