I’ve written a bunch in the past about how single sign on is growing in importance as organizations and the individuals inside them struggle to manage the wealth of different applications they interface with. One of the tools that is able to manage this difficulty is Single Sign On (SSO). There are a number of vendors, with Okta, MyLogin and OneLogin among others, competing to gain momentum.
One of the important parts of SSO is the ability to cover requirements where multi factor authentication is needed, and it is in this arena that Okta is announcing today that they have created the first fully native MFA and SSO service that they have built from the ground up. Okta is pitching this as a solution to the problems raised by single passwords in highly sensitive applications. They point out a recent study by Internet security company BitDefender which showed that 75 percent of social networking user name and password samples collected online were identical to those used for email accounts, indicating widespread reuse of passwords across multiple applications.
The Okta MFA solution is included with the core Okta service and, as a result, can be applied across the pre-integrated web and cloud applications that Okta is already partnered with. The Okta MFA solution includes factor options, such as security questions and an Okta-developed and supported soft token that runs on smartphones and can be used to secure any application managed by the Okta service.
Okta’s approach can be contrasted with that of MyLogin, who has chosen to integrate their SSO offering with MFA solutions from third party vendors. The benefit of this is that MyLogin doesn’t need to have users re-invent the wheel and jump onto a new MFA platform; they can just plug in the MFA provider they prefer. MyLogin CEO Thomas Pederson told me that OneLogin has supported multi-factor authentication for more than a year via Yubico’s USB key and Symantec’s VIP Access for Mobile, which are both fully integrated and work out-of-the-box. He also indicated obliquely that we will be seeing some more announcements about MFA from them in the coming months.
Of course Okta would counter that by extolling the benefits of an MFA offering built directly into an SSO tool, not least because under that model customers need only pay one bill for both their SSO and MFA needs. Todd McKinnon, CEO of Okta, references that, saying “Customers that are investing in cloud applications are keenly aware that they need a flexible and secure way to manage access to end users; however, they need a partner that can both deliver a combined solution or work alongside existing MFA services. Okta is the first company to deliver that – and it comes at no additional cost”.
Meanwhile SaaS vendors aren’t sitting still either: NetSuite announced yesterday a partnership with CA Technologies to provide MFA for its customers. Of course that doesn’t answer the SSO part of the puzzle, but it does mean that SaaS applications dealing with sensitive data can use an industry standard MFA offering.
The jury is out on which option is best, native or integrated MFA for SSO. It will be interesting to watch the journeys of these two vendors over the months ahead.
(Cross-posted @ The Diversity Blog – SaaS, Cloud & Business Strategy)