April 3rd, 2025
In an Okta environment, connecting an external service to the API typically requires a token, which can be obtained through either API Tokens or API Service Apps, each with its own benefits and drawbacks. API Tokens are quick to implement but have security and management limitations, while API Service Apps offer greater scalability, automation, and security using OAuth 2.0.
April 3rd, 2025
Browser-in-the-Middle (BitM) attacks bypass multi-factor authentication by stealing session tokens, often through social engineering tactics like phishing. To protect against these attacks, organizations should use hardware-based MFA, client certificates, and FIDO2 standards while educating employees and monitoring for suspicious activity.
March 24th, 2025
Okta automates user access management, streamlining onboarding, role changes, and offboarding while enhancing security. Integration with our HR system ensures instant access for new hires and immediate revocation for departures, reducing errors and improving efficiency.
March 23rd, 2025
Incident detection and reporting are crucial for identifying security breaches, minimising risks, and ensuring compliance with regulations like NIS2 and NIST. Okta simplifies this process with real-time monitoring, AI-driven analytics, comprehensive audit logs, and seamless SIEM integrations, empowering businesses to respond quickly and effectively to potential threats.
February 27th, 2025
The use of machines in organisations has grown exponentially. While this growth allows for a higher volume of automation and lightning-fast machine-to-machine transactions, machines often operate with privileged access, handle sensitive data, and authenticate with only single-factor authentication.
February 12th, 2025
As my work shifts to Customer Identity Cloud and I explore OAuth 2.0 and OpenID Connect, token management is crucial. Custom development offers flexibility but presents challenges, like OAuth 2.0 leaving token lifetimes to the implementer, balancing security and usability.
February 10th, 2025
Cybersecurity can feel overwhelming, especially with new rules like the EU’s NIS2 Directive. But the truth is, these changes are here to help us stay safer and more resilient in a world where cyber threats are always evolving. Pair that with a smart strategy like Zero Trust and tools from Okta, and suddenly compliance and protection don’t seem so hard.
January 30th, 2025
Are you having trouble figuring out how to update the Viewer, Creator and Admin roles after integrating Loom with Okta?
January 2nd, 2025
While the planning, implementation, and rollout of an IAM solution will always be an ongoing function that varies based on organizational needs and use cases, it can be useful to organize your design into three main tenets.
December 15th, 2024
Am I a human? Or am I a bot?
I recently watched Terminator 2 – what a great film! 😊
The scene where the T-800 makes the phone call impersonating the voice of John Connor really did predict the future. Who thought we’d be living this threat IRL today? In addition to many, many spam emails, today I received a phishing phone call from my ‘HR Department’ asking me to share sensitive information.
October 14th, 2024
Okta does not currently support the concept of service principals (feature request! @Okta 😊). Service principals are a better way to manage application permissions; see the examples from Microsoft: https://learn.microsoft.com/en-us/entra/architecture/secure-service-accounts#service-principals.
August 15th, 2024
In this post we are going to introduce our top 5 picks of the month, consisting of frameworks, databases, open source backends and more.