Okta has big ambitions. It wants to be the arbiter of secure identity for any device and to that extent has fleshed out its mobile offering which has been in the works for some time. More to the point for business-to-consumer situations, Okta is adding social login from services like Facebook and Twitter that developers can switch on with the addition of a few lines of code.
Ease of use for both end users and developers was the watchword during Todd McKinnon, CEO Okta's keynote at Oktane15, with demonstrations of seriously cool use cases. One that caught my eye was the way in which Workday employee records can be used as a master to Okta's authentication services.
The integrations I saw were so seamless that you have to be quick to even notice what happens. An example might be a contract worker for whom you need to provide access to certain parts of the Workday environment plus some other apps. Okta authenticates them based upon the rules Workday dictates for that type of employee. The same goes for when an employee's status changes. Change the status in Workday and boom! you have an updated and synchronized Okta service.
Today, Okta supports many easily recognized services like Workday, Box and Jive but it equally recognizes there will be hundreds of use cases where there will be limited demand. Solving for that has led Okta to release an SDK which helps developers use Okta's identity management platform as the basis for developer organizations to hook into new services.
The example of EventBoard working with LinkedIn was offered. EventBoard provides conference rooms displays but that's a relatively niche area. EventBoard was able to create the integration using the SDK and voilá, they're hooked up.
Things get a tad more complicated when there are big, on-premise enterprise systems involved like Oracle's e-Business Suite. Here, IC Synergy has developed a gateway built on Okta that easily solves the SSO integration problems normally associated with authentication between those on-premises and hosted types of app.
I was interested to learn how Okta is meeting the ongoing challenge for developers in the business to consumer world where cloud an own apps operate in a mixed landscape. In an earlier briefing, Eric Berg chief product officer, Okta referenced work that long term customer MGM Resorts is doing:
We can store very rich data on people. We can get access to (say) social graph from Facebook and then append that to profile data. They're creating M life experiences where Okta serves as the secure back end to manage identity across an increasing portfolio of applications and analytics and where for example cross promotions can be readily offered.
That's pretty cool stuff but then how do you go about working with mobile devices? The company has announced mobility management support for Android at Work, is supporting iOS soon and Windows 10 devices next year. Listening to a panel that included Okta, Jive and ThoughtWorks, mobile device management depends on the environment in which you're operating. Tom Ryan, senior director of IT, Okta said:
Either embrace mobile or it’s going to happen outside the control of IT. Okta has a BYOD policy, we don’t issue any cell phones, not even to the CEO. We have no blacklist of devices so I don’t have any legacy to think about but then there is no mobile masterplan beyond supporting any mobile device. We used to use ActiveSynch but that’s more of a hatchet than a scalpel. I want to tell you though, the mobile demos look really slick but it’s not as easy as it looks. There's work to do.
Phil Ibarrola, global infrastructure solutions architect at ThoughtWorks offered an alternative view based upon the fact his company is a development shop:
Box came in through the back door. People used Google and Box accounts to share sensitive information because there really wasn't anything in place. We squished that. We had to. Now we're kind of talking about device management but anticipate our users won't be happy. They're a savvy bunch and worry about privacy. It's hard to assure these folk. I guess you could say we have a 'head in the sand' BYOD approach today.
These discussions are well worthwhile and, in some senses, reflect the 'Wild West' nature of mobile applications, development and deployment. I have no doubt that Okta will overcome the technical hurdles but it remains to be seen how well it can construct the business case for mobile management. My guess is that it will become a 'must have' for most customers but I didn't see enough of a polished business story to make me go "Wow I can buy into that."
Disclosure: Workday is a premier partner at time of writing and Okta covered most of my travel costs for attending Oktane15.