Okta® And Privileged Access Management

By Zach DeMeyer Posted June 3, 2019

Okta® is one of the most popular web application single sign-on (SSO) products on the market. As they grow, it seems like they are looking to expand their identity management offering into other sections of the stack. For instance, Okta recently announced their Advanced Server Access, which appears to link Okta and privileged access management (PAM).

Expanding the Offering

Okta’s foray into the PAM space seems to be largely driven by the company’s recent acquisition of ScaleFT, a security and solutions company inspired by the BeyondCorp Zero Trust Security model. One of ScaleFT’s core offerings is managing server access.

By incorporating ScaleFT, Okta has added a server access management feature to their product that resembles the use of SSH keys in some ways but is slightly different. Okta Advanced Server Access relies on a Windows or Linux server agent that uses a PKI architecture to authenticate user access, with the RDP and SSH protocols used for communication.

The Bigger Picture

Okta’s Advanced Server Access product is designed to provide their existing enterprise customers with a method for managing critical infrastructure access. By integrating server access with identities that are already being used to connect to other on-prem and cloud resources, the hope is to lock customers in to their product. This extension is akin to their entry into two-factor authentication (2FA) to compete with Duo, as well as their interest in the consumer identity space, with user management for developers and their applications.

The underlying fact of it all is that, consistent with the rest of their approach to the market, Okta is building this solution to be used on top of Microsoft® Active Directory®. On-prem Active Directory (AD) identities integrate with Okta, which can then be federated to web applications and servers as the source of truth.

For large enterprises that are heavily reliant on Active Directory, the Okta approach to identity management is appealing. This desire for add-ons to AD is what has made Okta’s web-app SSO offering so popular, so adding the former ScaleFT server authentication solution makes some sense.

The Problem of Disparate IT

But, with the overall shift to cloud infrastructure and non-Windows systems and platforms, many other IT organizations are looking to shift away from on-prem identities as their source of truth. They need their identity management to be as agile as they are, and with one foot cemented on-prem, the thought of managing add-on solutions like Okta on top of their AD instance is a hard pill to swallow.

That’s why thousands of IT and DevOps organizations have turned to a next-generation cloud identity management platform that eliminates the need for AD and add-ons altogether. This cloud directory service product offers functions such as centralized user management, SSH key management, cloud and on-prem server authentication and management, cloud LDAP, RADIUS-as-a-Service, 2FA, system management, and much more. It is a reimagination of AD and other disparate identity management tools, available from one cloud admin console.

Comprehensive Cloud Identity Management

JumpCloud® Directory-as-a-Service® is the first cloud directory service enabling IT admins to manage user access to virtually all IT resources. JumpCloud end users can leverage one password to access their systems, servers, email, applications, networks, and more.

IT admins can also use JumpCloud’s flexible administration tools to automate their user and cross-platform system management, including Bash and PowerShell commands, REST APIs, and group policy object (GPO)-like Policies. Regardless of your organization’s location(s) and choice of platform, protocol, or provider, it can be managed simply and effectively with JumpCloud.

Try JumpCloud Free

Directory-as-a-Service is completely free for the first ten users in your organization, forever. All you have to do is sign up for JumpCloud to start centralizing your identity management stack today. You can sandbox your environment before you buy, or even schedule a demo to see how you can best use JumpCloud to suit your needs.

If you have any additional questions, please feel free to contact us for support. Our Customer Success team is available for you, regardless of whether you are a customer or not. You can also learn how to get started with JumpCloud at our Knowledge Base.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
