Innovate IT Ltd

Okta - Identity and Access Management IAM Single Sign-on SSO

Okta connects any person with any application on any device. It is a market leader in cloud identity management and provides a secure place to store user credentials. Okta's architecture lets users sign on once, with one password, to access all of their applications. Take advantage of this SSO service.

Features

  • Single Sign-on (SSO)
  • Federated central identity and access management
  • User identity lifecycle management
  • Identity audit report generation
  • Active Directory (AD) integration and LDAP integration
  • Manage access to legacy web applications
  • Device attestation
  • 6,500+ application integration templates
  • Adaptive multi-factor authentication
  • API access management

Benefits

  • Enables Bring Your Own Device (BYOD) across multiple device platforms
  • Zero trust security
  • Accelerate digital transformation
  • Enhanced staff identity security
  • User identity migration tool
  • Automated licence provisioning
  • Simplified joiner, movers, leavers process
  • Enforce password policies
  • Reduce password resets (user self-service)
  • Security group membership access control

Pricing

£1,800 a transaction a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Hello@Innovate.Cloud. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

850935672330986

Contact

Innovate IT Ltd Paul Rawlinson
Telephone: +44(0)7968 180 492
Email: Hello@Innovate.Cloud

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Okta integrates with over 6,500 applications. For a full, up-to-date list visit: https://www.okta.com/resources/find-your-apps/
  • Office 365
  • G Suite
  • WordPress (CMS)
  • Content management systems (CMS)
  • Salesforce
  • Amazon Web Services (AWS)
  • Adobe
  • Slack
  • WebEx
  • 1Password
  • Zscaler
  • Active Directory
  • Confluence
  • JIRA
Cloud deployment model
  • Public cloud
  • Hybrid cloud
Service constraints
No standard requirements, although you can install the browser plugins to enhance the user SSO experience. Other Okta features have their own specific requirements.
System requirements
  • User licences
  • Device level browser compatibility
  • No server-side system requirements

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Depends on the support package (Basic or Premier) and the ticket priority level.

Basic Success response times
  • Priority 1: first response 4 hours; subsequent updates 12 hours
  • Priority 2: first response 12 hours; subsequent updates 24 hours
  • Priority 3: first response 24 hours; subsequent updates 36 hours
  • Priority 4: first response 24 hours; subsequent updates 36 hours

Premier Success, Premier Access Success and Premier Plus Success response times for the service during 24x7 support hours
  • Priority 1: first response 1 hour; subsequent updates 2 hours
  • Priority 2: first response 2 hours; subsequent updates 8 hours
  • Priority 3: first response 2 hours; subsequent updates 48 hours
  • Priority 4: first response 8 hours; subsequent updates 48 hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Every project is given a technical account manager who assesses the technical requirement and assigns the relevant resource on an individual basis. The resource cost will be in line with the SFIA rate card.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide a complete Okta integration and migration service to get you up and running. We can design, plan and manage the project as well as provide the licences. We provide onsite training, online training and user documentation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Audit logs can be exported in CSV format.
User identities in the Universal Directory can be synchronised to other compatible directories.
End-of-contract process
Included: Service documentation will be handed to the customer. If no longer required by the customer, all data will be securely erased and the SaaS tenant deleted.
Additional charges: Data migration services are chargeable.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None. Full featured mobile service.
Service interface
Yes
Description of service interface
The interface is accessed through a web browser.
Accessibility standards
None or don’t know
Description of accessibility
Okta is continuously working to improve the accessibility of its products in compliance with WCAG standards. Current efforts include:
  • CSS background images that convey meaning have textual and visible equivalents
  • Images provide informative alternative text
  • Form fields have valid labels
  • Dialogs can be closed through the keyboard
  • Dialogs use proper structure
  • When dialogs are activated, focus moves appropriately
  • Custom controls are accessible through the keyboard
  • Custom controls provide proper textual name, role and state information
  • Link text is meaningful within context
  • Link text is meaningful when taken out of context
Accessibility testing
We have implemented YubiKey and telephone-based multi-factor authentication, and the interface is customisable to meet specific needs.
API
Yes
What users can and can't do using the API
The APIs can be used to integrate Okta with monitoring and other third-party services. They are REST APIs, intended for server-side use only; access is strictly controlled by Okta administrators and is not available to end users.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The customer can customise the available features for their needs.
The dashboard and branding can be altered to meet organisational standards.
Users are able to add their own applications and SSO links to the dashboard.

Scaling

Independence of resources
As a SaaS product, Okta is delivered over a CDN, with services hosted in multiple zones around the world.

Analytics

Service usage metrics
Yes
Metrics types
  • Number of users
  • Number of integrated applications
  • Authentication audits
  • Service use audits
  • System-level audit
  • Application-level audit
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request
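The REST API and the authentication audit reporting described above are what a security team would feed into a SIEM. The Python below is an added example, not code from this listing or from Okta: it builds the request for Okta's System Log endpoint (/api/v1/logs, SSWS token in the Authorization header; the tenant URL and token are placeholders) and runs two detections over constructed sample events shaped like the API's user.session.start records: one account failing repeatedly (brute force) and one client IP failing against many accounts (password spray). The thresholds, the time window and the sample data are assumptions for illustration.

```python
# Added example: query Okta's System Log API and run detection logic over the events.
# Not code from this listing or from Okta. ORG_URL, API_TOKEN, the thresholds and the
# sample events are assumptions made for illustration.
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

ORG_URL = "https://example.okta.com"            # assumed tenant URL
API_TOKEN = "00REPLACE-WITH-A-REAL-SSWS-TOKEN"  # placeholder; issued by an Okta admin, keep it server-side


def system_log_request(since, event_type="user.session.start", limit=1000):
    """Build the GET request for Okta's System Log endpoint (/api/v1/logs).

    The endpoint takes `since` (ISO 8601, UTC) and a `filter` expression; the API
    token is sent in the Authorization header with the SSWS scheme. The request is
    only built, not sent, so the example runs offline; hand the URL and headers to
    urllib/requests to fetch, and follow the `next` Link header to page through.
    """
    params = {
        "since": since.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "filter": f'eventType eq "{event_type}"',
        "limit": limit,
    }
    headers = {"Authorization": f"SSWS {API_TOKEN}", "Accept": "application/json"}
    return f"{ORG_URL}/api/v1/logs?{urlencode(params)}", headers


def max_distinct_in_window(items, window):
    """items: (timestamp, value) pairs sorted by timestamp. Returns the largest number
    of distinct values that fall inside any interval of length `window`."""
    counts = defaultdict(int)
    best = start = 0
    for ts, value in items:
        counts[value] += 1
        while items[start][0] < ts - window:      # drop entries that fell out of the window
            old = items[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        best = max(best, len(counts))
    return best


def detect_login_attacks(events, window=timedelta(minutes=10), threshold=5):
    """Two detections over user.session.start events with outcome FAILURE:
      brute_force    - one account with >= threshold failures inside `window`
      password_spray - one client IP failing against >= threshold distinct accounts
    Returns a list of (kind, key, count) tuples."""
    failures = sorted(
        (e for e in events
         if e["eventType"] == "user.session.start" and e["outcome"]["result"] == "FAILURE"),
        key=lambda e: e["published"])
    by_user, by_ip = defaultdict(list), defaultdict(list)
    for e in failures:
        ts = datetime.fromisoformat(e["published"].replace("Z", "+00:00"))
        by_user[e["actor"]["alternateId"]].append((ts, e["uuid"]))                # count events per account
        by_ip[e["client"]["ipAddress"]].append((ts, e["actor"]["alternateId"]))  # count accounts per IP
    alerts = []
    for user, items in by_user.items():
        n = max_distinct_in_window(items, window)
        if n >= threshold:
            alerts.append(("brute_force", user, n))
    for ip, items in by_ip.items():
        n = max_distinct_in_window(items, window)
        if n >= threshold:
            alerts.append(("password_spray", ip, n))
    return alerts


# --- constructed sample data (not real log lines), trimmed to the fields read above ---
BASE_TIME = datetime(2020, 9, 1, 9, 0, tzinfo=timezone.utc)


def at_minute(minutes):
    return (BASE_TIME + timedelta(minutes=minutes)).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_event(published, user, ip, result, reason=None):
    return {
        "uuid": f"{user}@{published}",
        "published": published,
        "eventType": "user.session.start",
        "actor": {"type": "User", "alternateId": user},
        "client": {"ipAddress": ip},
        "outcome": {"result": result, "reason": reason},
    }


SAMPLE_EVENTS = (
    # brute force: one account, one IP, six failures in six minutes
    [make_event(at_minute(i), "alice@example.com", "203.0.113.10", "FAILURE", "INVALID_CREDENTIALS")
     for i in range(6)]
    # password spray: one IP, six different accounts, one failure each
    + [make_event(at_minute(30 + i), f"{name}@example.com", "198.51.100.7", "FAILURE", "INVALID_CREDENTIALS")
       for i, name in enumerate(["bob", "carol", "dave", "erin", "frank", "grace"])]
    # benign: a single typo followed by a successful login from the user's own address
    + [make_event(at_minute(120), "bob@example.com", "192.0.2.44", "FAILURE", "INVALID_CREDENTIALS"),
       make_event(at_minute(121), "bob@example.com", "192.0.2.44", "SUCCESS")]
)


def sample_request():
    """Request covering the hour of events that precedes the constructed sample."""
    return system_log_request(BASE_TIME - timedelta(hours=1))


if __name__ == "__main__":
    print(sample_request()[0])
    for alert in detect_login_attacks(SAMPLE_EVENTS):
        print(alert)
```

Run against the sample, the detector raises one brute_force alert for alice@example.com and one password_spray alert for 198.51.100.7; bob's single mistyped password stays below the threshold. In production the token should be scoped to a read-only service account and the `since` value persisted between polls so no events are missed.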

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Okta Inc

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We can export the Universal Directory as a service, or the customer can export it themselves as a CSV file.
Data export formats
  • CSV
  • Other
Other data export formats
LDAP
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • JSON
  • LDAP

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
HTTPS to the internet-hosted SaaS dashboard and between on-premises agents and the SaaS service.
Internet connectivity is under the customer's control.
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Please see the Okta site for details:
https://support.okta.com/help/s/article/Okta-Support-Service-Level-Agreements-by-Customer-Success-Package
Approach to resilience
Okta has a 99.9% uptime guarantee and zero planned downtime. For the latest information on Okta's approach to resilience, please see the Okta website:
https://www.okta.com/a-secure-reliable-service-you-can-trust/
Outage reporting
The designated support mailbox receives an email alert with the estimated outage time, and a further email once service is fully restored.
Users can visit https://trust.okta.com for live service status information.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
  • API token
  • OAuth 2.0
  • SWA (Secure Web Authentication)
Access restrictions in management interfaces and support channels
Access to support channels is granted only to administrative users, and a security check is carried out when a user raises a support ticket. Management interfaces are likewise locked down to administrative users.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
  • API token
  • SWA (Secure Web Authentication)
  • OAuth 2.0

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
The Certification Body of Schellman & Company, Inc.
ISO/IEC 27001 accreditation date
8 July 2016
What the ISO/IEC 27001 doesn’t cover
The scope of the ISO/IEC 27001:2013 certificate is limited to the information security management system (ISMS) supporting Okta's cloud-based Identity-as-a-Service (IDaaS) platform and aligned with ISO/IEC 27018:2014, in accordance with the Statement of Applicability version 3.2, dated March 28, 2016.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
01/05/2016
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
Schellman & Company, LLC examined the description of Okta, Inc.'s ("Okta" or the "service organization") OnDemand Identity-as-a-Service ("IDaaS") system for the period May 1, 2015, to May 31, 2016, (the "description") based on the criteria set forth in paragraph 1.26 of the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) ("description criteria") and the suitability of the design and operating effectiveness of controls described therein to meet the criteria for the security, availability, and confidentiality principles set forth in TSP section 100, Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Principles and Criteria) ("applicable trust services criteria"), throughout the period May 1, 2015, to May 31, 2016. We have also examined the suitability of design and operating effectiveness of controls to meet the requirements set forth in the Cloud Security Alliance's Cloud Controls Matrix Version 3.0.1 control specifications.
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • HIPAA
  • SOC2
  • FedRAMP
  • FIPS 140-2
  • GDPR
  • PCI-DSS 3.2

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Okta's data protection complies with FedRAMP and NIST 800-53, HIPAA and ISO 27001 requirements. Customer data is encrypted at rest and in transit to the user's browser.
Information security policies and processes
For information on Okta security policies and processes, please visit https://trust.okta.com/security

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Please see the Okta link for information on SOC 2 Type II Reporting
https://trust.okta.com/compliance
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Okta aggressively hunts for bugs in its software using four concurrent security programmes: internal testing, third-party security audits, a public bug bounty programme, and a highly responsive customer bug reporting programme. Okta also recognises the customer's right to conduct a penetration test against the service, and provides test environments for that purpose.
Please see trust.okta.com for further context.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Okta uses a number of monitoring tools with centralised logging and a SIEM running its own correlation rules for security monitoring, analysis and alerting.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Okta has formally documented incident response and disaster recovery standard operating procedures (SOPs) that describe the discovery, investigation, escalation, containment, notification and documentation processes. Customers are provided with this SOP document on request and under NDA.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1,800 a transaction a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
A full featured trial can be found at https://www.okta.com/free-trial/
Link to free trial
https://www.okta.com/free-trial/