By Nick Scheidies Posted April 4, 2019
Okta recently introduced their version of SSH key management, but it really isn’t technically SSH keys. Okta’s Advanced Server Access management function is meant to leverage an Okta identity to help individuals log in to their cloud and on-prem servers. It is using an agent and a private PKI structure to authenticate users into their servers.
This announcement was made by Okta CEO Todd McKinnon on April 2, 2019, at their Oktane customer conference.
Why is Okta Interested in SSH Keys?
Traditionally, Okta has focused on web application single sign-on and has become the market share leader in this category. Often called first generation IDaaS, web application SSO has become an important category in the overall identity and access management marketplace.
Over time, Okta has grown to an enterprise focused company. As part of this push into the enterprise, they have continued to add interesting features to their product including user management for developers and multi-factor authentication.
The announcement of Advanced Server Access shows that Okta is now interested in extending their product to the privileged access management (PAM) category. This area has taken on new significance as IT organizations are shifting to a Zero Trust Security model and Okta seems to be looking to capitalize on this updated security model.
SSO and Privileged Access Management?
Of course, the PAM category has been around for a number of years and has come to represent an important part of the overall identity management landscape. The basic idea of PAM is to take security and control up a notch when it comes to users with highly sensitive access. For instance, admin accounts that have access to critical databases and servers could be candidates for PAM in order to reduce the risk of their credentials being compromised. Often, SSH keys have been used to achieve this.
While PAM has been focused on targeted access for a relatively small number of users, SSO has conventionally been about general access to less sensitive resources (web apps) for the entire user base. It’s a little surprising to see Okta moving this direction, but it’s generally in line with their ambitions to meet enterprise IAM needs. But generally Okta hasn’t been able to do this without the help from the conventional IdP: Microsoft® Active Directory®.
Okta and Active Directory
Generally, as Okta has focused on the largest enterprises in the world, it has tightly integrated with Microsoft Active Directory which plays the role of the core identity provider (IdP). This is no different with Okta’s Advanced Server Management capabilities where the platform can leverage AD identities and federate them to servers.
So it’s important to note, when you ask if SSH key management will now be possible using Okta, that you understand Okta’s approach. It seems that Okta is taking a slightly different approach than using SSH keys, but rather building their own proprietary PKI-based authentication approach to servers. Traditionally, even Active Directory has struggled with the challenges of SSH key management.
Alternative for SSH, SSO, & Directory Services
If you’re evaluating using Okta in tandem with Active Directory in order to manage server access and SSH keys, then make sure to include JumpCloud® Directory-as-a-Service® in your evaluation process.
Although JumpCloud can integrate with AD, Directory-as-a-Service is designed to stand alone as the core IdP for organizations. JumpCloud is a one-stop-shop for directory services, web application single sign-on, system management, and much more.
Server and SSH key management has been baked into JumpCloud’s mission since the beginning. A core part of this next generation IDaaS solution is a deep server access management function that works well with AWS Linux and Windows servers as well as Google Cloud Platform and Azure among many others.
You can hear from a customer using JumpCloud to manage access to their server environment in this case study from the data company, Tamr. You can also visit our resources page for more case studies, tutorials, and videos. Finally, consider getting a demo of the JumpCloud product from one of our technical experts or trying the platform out for yourself by signing up for a free account.