Protect Okta

AuthN by IDEE Integration: Okta Universal Directory

Further Securing Your Digital World
Okta Universal Directory is used by professional organizations that are serious about putting identities at the heart of their IT environments – we wholeheartedly approve! Okta’s highly acclaimed cloud-based directory is used by tens of thousands of organizations, to store user ID’s, attributes, and permissions and effectively manage workforces world-wide.  

It all starts with people, and Okta Directory sits at the core of the organization - the data it stores and systems it connects to are as critical as they are valuable.  

What if you could protect it all with next-level security in the form of MFA 2.0? We’re glad you’re here!  

Request a demo
Glass-walled office with the Okta logo displayed on the wall, representing the integration of AuthN by IDEE with Okta Universal Directory to provide enhanced security for identity and access management.

All the Functionality of Okta Directory…  
Just With a Whole Lot More!

If you want all the benefits of Okta’s Directory, but with an additional layer of top-level-security and user convenience,
then AuthN by IDEE is the right choice.

Here are some of the reasons why businesses know it makes sense to add AuthN by IDEE...
Icon of a piggy bank with a coin being inserted, representing cost-effective multifactor authentication solutions provided by AuthN by IDEE.
Cost Effective Multifactor Authentification

AuthN by IDEE is the most effective way to add the highest level of authentication security for the most optimum price per user - all the advantages of the highest tier of Okta MFA 2.0 with an abundance of extra benefits.

Icon of a shield with a check mark, representing the highest level of authentication security offered by AuthN by IDEE against phishing and password-based attacks.
Highest Level of Authentication Security

Protects against all credential phishing & password-based attacks including AiTM.
AuthN by IDEE makes your solution even more secure with an extra layer that is not just phish-resistant, but demonstrably phish-proof.  

Icon of a hand snapping fingers, symbolizing the ease and simplicity of integrating AuthN by IDEE into existing IT environments without disruptions.
No Disruption to Your Existing IT Environment

Okta is still your central repository, and the AuthN integration is the phish-proof forcefield that slots expertly into your existing IT infrastructure, protecting everything with no changes required.

Icon of a gear and arrows, representing enhanced productivity and user experience through simplified and secure sign-in processes.
Improved Productivity With Superior UX for Users

Users authenticate right on the device they are already using making sign-in and authentication seamless to the point that it is almost unnoticeable.

Icon of a document with a check mark and a certificate, symbolizing streamlined compliance and adherence to regulatory standards with AuthN by IDEE.
Compliance Just Became a Breeze

Many use cases demand higher levels of authentication security and AuthN guarantees a zero-trust solution that stores zero PII of any user.

Icon of the Okta logo with integration symbol, representing the availability of AuthN by IDEE through the Okta Integration Network.
AuthN Is Available via the Okta Integration Network

Integration is easy and AuthN by IDEE is an approved integration that can be found via the Okta Integration Network: https://www.okta.com/integrations/idee-mfa/

Request a demo

What Does Login Look Like?

Users’ authentication and login just got super slick. With AuthN by IDEE it’s like going back to before you had MFA… but now you have MFA 2.0! Here’s what it looks like for users.

How to Integrate Okta Universal Directory With Authn by Idee

Just like everything else about our product, integration is simple.

Your Step-by-step Integration Guide

The following guide will walk you through adding IDEE AuthN as an external SAML 2.0 provider to allow logging in to Okta and associated applications using IDEE AuthN (MFA 2.0).
Step 1.
  1. In the Admin Console, go to Security Identity Providers.
  2. Click Add identity provider, and then select SAML 2.0 IdP.
  3. Click Next.
  4. Configure the General Settings and Enter a Name for this IdP.
Step 2.
  1. Scroll down to Account matching with IdP Username, select idpuser.subjectNameId.
  2. Under Match Against section select Okta Username or Email.
  3. Change the Account Link Policy to Automatic.
  4. Select the option for If no match found as Redirect to Okta sign-in page.
Step 3.
Configure settings under SAML Protocol Settings.
  1. Provide the IDP issuer URI by copying the IDP Issuer URI from the IDEE Integrations page.
  2. Provide the IDP Single Sign-On URL by copying the IDP Single Sign-On URL from the IDEE Integrations page.
  3. Download the IDP Signature Certificate from IDEE Integrations page and upload it to the IDP Signature Certificate section.
  4. Change Request Binding to HTTP Redirect.
  5. Click on Finish to save.
Final Steps
  1. Download the SAML Metadata.
  2. Upload the metadata.xml file to the Service Provider Metadata section on the Integrations Page.
  3. Once uploaded, select your preferred Authentication method to complete your integration. We recommend using Web-AuthN 🔒
Testing Your Okta Integration
  1. You can test out your integration by using yourDomain.okta.com in your Browser.
  2. A new integration takes up to 5 minutes to be complete! ⏰
  3. This should redirect you to the IDEE Login Page.
Request a demo
Fingerprint used for Biometric Authentication MFA

Enrollment: Register
A New Device in Seconds!

AuthN by IDEE works on the basis of transitive trust, which means that only a trusted user can access a trusted service on a trusted device when proven to be in possession and control of their device. User devices, therefore, must be registered, but it is so straight forward, users can complete the process in just a few seconds, guided step-by-by-step from within the app. It’s child’s play!

Person sitting cross-legged, holding a smartphone in one hand and using a laptop on their lap, representing the ease of enrolling and registering a new device with AuthN by IDEE in just a few seconds. The background features a red and yellow gradient circle.
Your Step-by-Step Guide
  1. User goes to login to a protected domain for the first time and signs in  
  2. They will be redirected to AuthN by IDEE to set up their device.
  3. The user simply unlocks their device, using facial recognition, PIN, or fingerprint.
  4. They will receive a secure magic link via email.  
  5. The user clicks on the link which opens a new tab in the browser.
  6. User clicks ‘accept’ at which point they have registered their device. 🎉  
Now every time a user wants to login to their favorite accounts, they just unlock their device. That’s all.

Protect Everything (Including Legacy Systems)

Once you have added AuthN by IDEE to your Okta account, you can protect everything with same-device phish-proof MFA.

AuthN by IDEE seamlessly integrates with Okta through modern authentication protocols. Thereafter, access to the Okta user dashboard is only possible via phish-proof MFA. The legacy applications that require passwords work just as before but with the additional security of phish-proof MFA and all the convenience of same device authentication.  

In addressing the needs of legacy systems reliant on passwords, AuthN by IDEE also offers seamless integration with reverse proxy, Zero Trust Network Access (ZTNA), Secure Access Service Edge (SASE) and Virtual Private Network (VPN) solutions. By enforcing phish-proof Multi-Factor Authentication (MFA) prior to password entry, AuthN ensures robust security measures are in place. This approach guarantees that only authenticated users with the appropriate access rights to the designated application, are permitted to enter passwords and gain access. They must have also successfully completed the phish-proof MFA process first, thereby fortifying system security comprehensively.

Diagram illustrating AuthN by IDEE’s integration with Okta and its ability to protect on-premises and cloud-based legacy systems using phish-proof MFA. The diagram shows the flow from on-premises directory services, through the identity provider (AuthN by IDEE), to cloud directories like Okta, and ultimately to enterprise cloud resources. Text highlights supported devices, integrations, and access methods, emphasizing compatibility with systems like Windows, macOS, iOS, Android, and integration protocols such as SAML, OIDC, WS-FED, WebAuthn, and FIDO2.

Authentication Methods


Chose An Authentication Method That’s Right for You

We highly recommend you use Web-Authn which is the passwordless, same-device phish-proof, method of MFA. However, you do have choices and, it is up to you. Supported authentication methods include:  

The following popular browsers are supported:

  • WebAuthn
  • FIDO2 Security Key
  • PUSH
  • QR
A smiling woman with hands clasped over her heart, representing satisfaction with the variety of authentication methods supported by AuthN by IDEE, including WebAuthn, FIDO2 Security Key, Push, and QR.

Web-Authn offers the highest level of protection. We ensure that your digital identity is secure from phishing and password-based attacks throughout the entire lifecycle, which is why Web-Authn is our preferred and recommended option.

Device Requirements

Web-Authn works on any computer with a TPM chip (most machines from 2016 onwards have this) and/or any smartphone with a secure enclave or secure element.

The following popular browsers are supported:

  • Microsoft Edge
  • Chrome
  • Safari
  • Internet Explorer 7 or higher
On the bottom left, a person holding a smartphone displaying icons of supported browsers—Microsoft Edge, Chrome, Safari, and Internet Explorer—highlighting device requirements for WebAuthn compatibility with TPM chips and/or secure enclave or secure element.
Fingerprint used for Biometric Authentication MFA

Fallback Procedures

We have not only eliminated phishing,
but we can also promise to eliminate the anxiety of account resets and recovery.  

Our aim is to remove the complexity and stress from every area of authentication. Of course, a solution’s fallback procedure is always a consideration when weighing up whether an app is right for your use case, but there really is not much to talk about in this section because it is all so simple!

There’s Nothing to Lose!  

First of all, there are no additional tokens, keys or USBs, let alone any secondary devices, and there are no passwords at any stage of the identity life cycle. This means that there is nothing to lose. Everything you need is already housed within the secure hardware of your registered device. This reduces the need for account recovery due to lost devices or hardware, and also eliminates the need to have back-up codes, or purchase replacement back-up hardware and we never fallback to passwords.

In the highly unlikely event that you do lose access to your trusted device (which will most likely be a work laptop or PC), you simply re-establish trust on your new one using secure identity proofing or setup the new device from an existing device using transitive trust.

Person standing with a casual shrug and holding their empty pockets inside out, symbolizing the absence of additional tokens, backup codes, or fallback passwords required for account recovery with AuthN by IDEE’s fallback procedures.
person relaxing in a chair with hands behind their head, symbolizing the ease of updates and maintenance provided by AuthN’s SaaS-based solution, which eliminates the need for manual software or hardware updates.

Updates & Maintenance

Maximum Security – Zero Fuss

Because the AuthN solution is fully SaaS (Software as a Service), keeping everything up to date is a job that you simply don’t have to worry about. Let us take care of that – we can imagine you and your teams are busy enough!  

Just be safe in the knowledge that with no additional hardware or software, there is absolutely zero firmware or software updates – you are fully protected with maximum-level security and with zero fuss.  

How We Protect Your Data

Actually… what data? AuthN by IDEE holds zero personal identifiable information (PII) about its users, which is one of the reasons why it is so secure! That said, we take security and privacy incredibly seriously. Privacy is our primary company value, and this is why we also go to enormous lengths to ensure we meet all the important standards and compliance regulations you would expect from a chief cyber security vendor.

Icon of a circular badge with stars and 'EU' in the center, symbolizing GDPR compliance.

GDPR Compliant

IDEE is fully GDPR compliant, meaning that we take your data seriously. Always.

Icon of a certification seal labeled 'ISO 27001,' indicating that IDEE is certified under the ISO 27001 standard.

ISO 27001

We are 27001 certified.

Icon of a certification badge labeled 'AICPA SOC,' representing SOC2 Type II compliance.

SOC2 Type II

We are SOC2 certified.

Icon of a shield with a check mark, symbolizing Defense In-Depth security.

Defense In-Depth

One layer is not enough. We employ layered security for every action.

Icon of a digital network diagram, representing decentralized credentials.

Decentralized Credentials

Fully decentralized asymmetric keys stored inside the device security chip.

Icon of a document with binary code, representing strong encryption.

Strong Encryption

AES-256-Bit & ECC-512.

Did Somebody Say Compliance?

Rest assured, we are proud to say, that the AuthN by IDEE technology is backed by all the important standards. Due to new and incoming legislation, this is especially important if you are based in Europe or The United States.

Icon of a balanced scale, representing legal compliance.

United States - EO 14028 & OMB M-22-09

This executive order outlines the mandate for all federal government agencies and civilian agencies in the federal government, to use phish-resistant MFA. AuthN by IDEE goes one step further, in offering phish-proof protection compliant with EO 14028 & OMB M-22-09.

Icon of a document with a check mark, representing compliance with European regulations.

Europe - The Digital Operational Resilience Act (DORA) - Regulation (EU) 2022/2554 – DORA

DORA is new legislation aimed at increasing security in the financial sector in the EU and asserts that organizations will be obliged to “Implement  strong authentication mechanisms, based on relevant standards.” AuthN by IDEE is fully compliant with DORA.

Icon of the NIST logo, representing compliance with NIST digital identity guidelines.

NIST (National Institute of Standards and Technology) Compliant

We are compliant with NIST’s digital identity guidelines (NIST SP 800-63).

Icon of the FIDO logo, representing FIDO2 compliance.

FIDO2 Compliant

Expanding upon a FIDO2 compliant architecture, AuthN by IDEE is a strong zero-trust application of MFA. We do not trust blindly; all authentications are explicitly verified.

Icon of a lock with the PSD2 logo, representing compliance with the PSD2 Strong Customer Authentication (SCA) requirements.

PSD2 Compliant SCA

Our MFA uses factors that supersede the PSD2 strong customer authentication requirement.

Icon of a circuit, representing the use of proven technology.

Based on proven Technology

We leverage PKC, TPM/Secure Enclave, and strong encryption.

Icon of a handshake, representing transitive trust.

Transitive Trust

Ensuring a transaction can only be carried out on a “trusted service” by a “trusted device” coupled to a “trusted user” and authorized under the “user’s total control.”

Icon of an envelope with a line through it, symbolizing protection against phishing.

Phish-Proof

Phish-proof > phish-resistant:
AuthN by IDEE protects against every credential phishing and password-based attack, including Adversary in the Middle attacks (AiTM).

Support

It’s easy to find the support you need. Here are your resources:

Icon of a shield with a question mark, representing frequently asked questions for administrators.

Admin FAQ

Got questions? Well, the chances are that they may have been asked before, which is why we have a neat collection of the most frequently asked questions all in one place! Check it out!

Learn more
Icon of an envelope, representing the support ticketing system.

Raise a ticket

Sometimes we just need a bit of technical support. Do you need to raise a ticket? No problem head over to the service desk and tell us how we can help. We will get back to you quickly!

Learn more
Icon of a bug, representing reporting security incidents or feedback.

Report an incident

Is there something we should know about or maybe you just have some excellent feedback for us? Please use this form to report a security incident, vulnerability, or an improvement.

Learn more
Icon of a play button on a screen, representing video tutorials.

Video tutorials

Already an admin? Visit the Knowledge Centre for step-by-step interactive video tutorials. Looking for demo videos? Check our YouTube playlists.

Learn more
Icon of an open book, representing the IDEE blog.

The IDEE Blog

We discuss many topics on our blog from authentication & cyber security, how our partners can build their business and featured guides and tools.  Check it out!  

Learn more

You like what you see? 

Speak to us today to try the best MFAsolution for yourself.

Request a demoTalk to sales
Start a free 14-day trial