Extending Active Directory to Box for Seamless IT Management
Uploaded by: okta-inc
Category: Technology
Box → Active Directory with Okta
Agenda
- Introduction to Okta and Box
- AD Integration with Okta
- New Offer from Box and Okta
okta confidential 2
IT is Going Through a Radical Transformation…
[Diagram labels: Applications; Users; Employees, One Desktop; On Premises; Increasingly In The Cloud; Consumerization of IT & Post-PC devices; Cross-company collaboration]
…That Transformation Causes New Problems
[Diagram labels: Applications; Users; User store]
Modern Identity & Access Management
• First true Cloud IAM service
• Full suite of IAM features (SSO, provisioning, analytics)
• Bridges existing user stores (AD / LDAP) to the cloud
Modern Identity Management
Veteran Team
Strong Customer Success
A simple vision.
Share, manage, and access your content from anywhere.
The Market is Transforming
IT Moves to the Cloud
Consumerization of IT
Everyone is Sharing and Collaborating
What We Expect From our Apps Now
The New Enterprise Apps Checklist:
✔ 100% cloud-based for low cost and easy maintenance
✔ Works on any mobile device
✔ Fully flexible, but compliant with your IT policies
✔ Secure, trusted, scalable, and always available
Customers Love Using Box
MANUFACTURING & INDUSTRIAL
INTERNET & HIGH TECH
ENTERTAINMENT & MEDIA
SERVICES
EDUCATION & NON-PROFIT
RETAIL
Our Platform
A Vibrant Ecosystem
300M Monthly API Calls
220+ Applications
8,000+ App Developers
Box Partners
Superior Solution for Users and IT
Users
✔ Easy to use
✔ Accessible anywhere
✔ Streamlines sharing
IT
✔ Enterprise grade security
✔ Simple to deploy and maintain
✔ Lower TCO
Agenda
- Introduction to Okta and Box
- AD Integration with Okta
- New Offer from Box and Okta
Active Directory Integration - Overview
1. Remote users authenticate with AD username and password
2. Local users transparently authenticate using Integrated Windows Authentication
3. Access policies driven by AD security groups
[Diagram labels: Remote/Mobile Employees; Firewall; Active Directory; Employees; Okta Agent(s); Group Sales]
Active Directory Integration - Benefits
Easy to Use, Just Works
• Simple agent install, no network configuration required
• Multiple agents supported for HA authentication
Broad Functionality
• Scheduled or Manual Import of Users
• Automatic De-Activation in Okta of Disabled/Deleted Users
• Delegate Authentication for Okta to AD
Tight Windows Integration
• Integration into Windows Desktop Login
[Diagram labels: Remote/Mobile Employees; Active Directory; Employees; Okta Agents; Group Sales]
Integrating Active Directory
1. Download AD Agent, Install on Windows Machine
2. Enter Okta URL and credentials
   • HTTPS from company to Okta
   • No firewall configuration necessary
3. Configure Agent: Directory Location, Credentials, Sync Interval
4. Configure import rules
[Diagram labels: Internet; Firewall; Your Network; AD Domain Controller; Okta Agent (On Windows Server); https://yourcompany.okta.com]
Import Options
• Confirm and Activate on Login
Ongoing AD User Synchronization
[Diagram labels: Internet; Firewall; Your Network; AD Domain Controller; Okta Agent (On Windows Server); https://yourcompany.okta.com]
1. AD Agent scans AD for changes and makes HTTPS request to upload to Okta
2. Okta receives update, processes user and group changes
3. Users provisioned, de-provisioned; application assignments based on security group membership
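The sync cycle above amounts to diffing two directory scans and turning the delta into lifecycle events. The following is an added sketch, not Okta's agent code: the snapshot shape, the event names and the `GROUP_TO_APP` mapping (AD security group `Sales` granting Box) are assumptions for illustration.

```python
from dataclasses import dataclass

# Assumed mapping: members of the AD security group "Sales" are assigned Box.
GROUP_TO_APP = {"Sales": "Box"}

@dataclass(frozen=True)
class ADUser:
    sam: str            # sAMAccountName
    enabled: bool       # False when the account is disabled in AD
    groups: frozenset   # AD security group names

def apps_for(user):
    """Apps a user is entitled to; missing or disabled accounts get none."""
    if user is None or not user.enabled:
        return set()
    return {GROUP_TO_APP[g] for g in user.groups if g in GROUP_TO_APP}

def sync_delta(previous, current):
    """Diff two scans (dicts keyed by sAMAccountName) into ordered events."""
    events = []
    for sam in sorted(set(previous) | set(current)):
        old, new = previous.get(sam), current.get(sam)
        was_active = old is not None and old.enabled
        is_active = new is not None and new.enabled
        # Revoke before deactivating so no assignment outlives the account.
        for app in sorted(apps_for(old) - apps_for(new)):
            events.append(("unassign", sam, app))
        if was_active and not is_active:
            events.append(("deactivate", sam, None))  # disabled or deleted in AD
        if is_active and not was_active:
            events.append(("provision", sam, None))
        for app in sorted(apps_for(new) - apps_for(old)):
            events.append(("assign", sam, app))
    return events

# Constructed sample scans (not real directory data).
SCAN_1 = {
    "alice": ADUser("alice", True, frozenset({"Sales"})),
    "bob": ADUser("bob", True, frozenset({"Sales"})),
    "carol": ADUser("carol", True, frozenset({"Engineering"})),
}
SCAN_2 = {  # bob has been deleted from AD between the two scans
    "alice": ADUser("alice", False, frozenset({"Sales"})),  # disabled in AD
    "carol": ADUser("carol", True, frozenset({"Sales"})),   # moved into Sales
    "dave": ADUser("dave", True, frozenset()),              # new hire, no groups
}

if __name__ == "__main__":
    for event in sync_delta(SCAN_1, SCAN_2):
        print(event)
```

A disabled account and a deleted account produce the same pair of events, which is the property to check when auditing deprovisioning.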
Delegated Authentication to AD
[Diagram labels: Inside/Outside Network; Internet; Firewall; Your Network; AD Domain Controller; Okta Agent (On Windows Server); https://yourcompany.okta.com]
1. User logs into https://yourcompany.okta.com using Okta username & AD password
2. Okta communicates to AD Agent via persistent connection to validate password
3. Agent responds with success or failure
4. Okta returns Box homepage (success) or failure message
Desktop SSO
[Diagram labels: Firewall; AD Domain Controller; Okta IWA Agent; steps 1 and 2]
Get To Box with NO Login Page
• User logs on to domain
• Can then access Box with no additional login
Secure: Uses Integrated Windows Authentication (Kerberos)
Easy to deploy: Leverages lightweight agent running under IIS
Integrated Multifactor Authentication
• Security question
• Smart phone Soft Token
• Can integrate with 3rd party MFA products

• Flexible policy
• Self service configuration
• Fully integrated as part of the Okta service

• Phishing
• Guessed passwords
• Key loggers
Case Study
Enterasys - Key Challenges
- Security
- BYOD, BYOA, Consumerization
- “Cloud First” IT strategy
- Increasing number of cloud apps, rapid move to the cloud
- No existing SAML infrastructure for single sign-on
- Application Adoption Metrics
Okta @ Enterasys
Enterasys - Key Benefits Realized
- User Benefits
  - My Applications page
  - Desktop SSO using Integrated Windows Authentication (IWA)
  - One password through AD integration
  - Consistent Access from any device (BYOD)
- IT Benefits
  - Security
  - Ability to monitor application adoption
  - User deprovisioning
  - AD integration, Groups
Agenda
- Introduction to Okta and Box
- AD Integration with Okta
- New Offer from Box and Okta
New Offering from Okta and Box
- Use Okta to Connect Box to Active Directory
- Secure Access to Box
- Reduce Administration Costs for Box
- Do all of this for FREE: okta.com/box
Many customers use Okta + Box together today
[Customer categories: Enterprise SaaS; Technology; Life Sciences; Online Services; Mfg, Legal, Finance]
Why this new offering?
- Solves a common requirement for Box users (integrate Box with Active Directory)
- But now lets you do so for Free
- Introduces Okta to more enterprises. All of you will use more cloud apps in the future, and we want to be the partner you turn to.
- It’s very easy to expand Okta to cover the rest of your applications.
Call To Action
Get a free Okta account for Box here: www.okta.com/box
Questions?
Ryan Carlson, Okta [email protected]
Brian Dirking, Box [email protected]