Identifying the platform
Okta has revamped the underlaying fundament of the environment to make it fit for new and changed requirements from customers. This change requires customers to recognize which platform they are on; Okta Identity Engine or Okta Classic Engine. It is also shown in the Okta Documentation as different sections:
Different sections for Identity and Classic Engine
In this series we’ll look at detail in the bigger differences. Make sure that you have identified the platform you are on by checking the version number in your Okta Admin Dashboard footer. If it has an “E” to the version number you are on the Identity Engine.
Example of a version information
Okta will never move your tenant to the Identity Engine without notifying you. There will be an informed process of the migration with an aligned timeline and procedure. The migration itself, however, will be without any impact on the user experience or requirement for admin participation.
The key features
Upgrading the platform introduces a few changes as well as new features. A lot of changes happened in details, some of them outside of note of customers, but there are a couple of key features that have been introduced with OIE. We will visit all these in this series in greater detail.
1. FastPass
Okta FastPass is a new way for leveraging Okta Verify to authenticate users quick and securely to Okta. When logging in with a device for the first time, Okta can now use Okta Verify to remember the device and create a secure multi-factor authentication with just one device. Users on a computer, like MacOS or Windows PC, now don’t need their phone with them. They can just use the locally installed Okta Verify to authenticate passwordless by using the device's biometrics and the device context.
Authenticate passwordless with Okta FastPass
2. Device Context
Thanks to the added functionality to the authentication process Okta can now hold the device information in addition to the user information. Administrators can now see the users’ devices that they’ve connected from to Okta and adjust the authentication policies depending on the context or suspend or revoke devices from connecting:
Example of a device context page for one user
3. App-level Policies
Authentication and app-sign in policies have received a major upgrade and are now global session and app-level policies. The main difference is that there are now more options for the administrators to adjust the authentication requirements based on the context from where the user tries to connect, like location, device context, managed/unmanaged device, type of device, etc.
Example of an app-level policy for the sign-on context
The added features are configurable on the app-level policies, which makes it easier now to adjust authentication for high or low risk applications. Apps can be assigned to a authentication policy to make management of app-level policies easier.
Authentication policies can hold multiple apps
4. Flexible Account Recovery
Account recovery is still one of the pain points of modern IT administration. It's often complicated and time-consuming for both the users as well as the service management. With flexible account recovery Okta now gives more options to allow users to recover their accounts independently from manual administrator interaction, while maintaining the highest levels of security. Administrators are able to control the options given to the users to reset their factors.
Options for self-service account recovery
