Travelogue from Oktane 2023

Oktane day 1 | Partner Summit & José Andrés

The main program for Oktane usually kicks off in the afternoon of the first day, making room for several «pre-conference» programs earlier in the day. For us, the most important of them is the Oktane Partner Summit, where we:

• Get to hear Okta’s views on the work they do with us partners, including updates to the various partner programs and such.
• Get a preview of what we’ll be seeing the rest of the week during Oktane proper.
• A chance to meet and discuss with other Okta partners, across fields, geography and partner types. I myself had some interesting discussions with some people from Google during lunch.
• A series of presentations and talks on various subjects, relating to both sales and more technical topics.
  
  

Cloudworks participates in engaging panel discussions

Our own cloud architect and Okta tech lead, Andreas Faltin, participated as a panelist in a discussion where the topic was “Identity Impact is top of mind for security”, adding his good insights to those of other Okta partners! 

The panel from the left: Jeremy Weiss, Suresh Suram, Tracey Nyholt, Andreas Faltin, Akshay Chandu and Adrianne Ward.

José Andrés' keynote on World Central Kitchen

In the afternoon, the first Oktane keynote featured a “fireside chat” with José Andrés, the founder of World Central Kitchen (WCF), an organization that brings food and aid to victims of catastrophes, both natural and man-made.

It was truly captivating to listen to José Andrés as he shared his personal journey and shed light on the remarkable approach of WCK towards their global work. The organization's emphasis on adaptability in the face of any circumstances, rather than meticulously planning for every possible outcome, is truly inspiring.

Oktane day 2 | The Day of the Keynotes

The second day of Oktane, the first full day, started off with Okta CEO Todd McKinnon’s main keynote, and what a keynote it was! Okta has no doubt been taking their vitamins this year!

There were a lot of announcements of upcoming features and improvements across the entire Okta platform, both for workforce and customer identity, but the large overarching theme was how Okta are planning to add AI to their services, ranging from assisting in detecting and handling threats via assisting in setting up policies and configuration to suit your own specific needs to helping developers creating the code they need to ingrate their services with Okta WIC (Workforce Identity Cloud) and CIC (Customer Identity Cloud - Okta's CIAM) in various ways. It’ll be interesting for sure to see how this will impact Okta customers in the year and years ahead!

The rest of the day also brought keynote presentations more specifically targeted at Okta WIC and CIC as well as for developers. These were nice follow-ups to Todd’s keynote and underlined the messages and features presented there.

Oktane day 3 | The Day of the Roadmaps

There are always a lot of interesting keynotes with various Okta announcements and demonstrations. My favorite sessions though are the product roadmap sessions, where we get to go into a lot more of the nitty-gritty specifics of the what, how and when of the various features being introduced and enhanced.

The greatest part of attending these sessions? The sheer number of occasions where you get to think “Ooo! I must take a note and a screenshot of this slide, so I remember to bring this to Customer X!”.

Okta is pushing forward across the entire range of platforms and products, all the while taking steps to ensure that the platform stays consistent and that the constituent parts hang together in a consistent way.

Oktane announcements

Okta has been kind enough to provide an easily-accessible overview of the announcements at Oktane, which you can find here: https://www.okta.com/oktane-2023-announcements/

Here are some of the main announcements that we wish to highlight:

Okta Privileged Access (Workforce Identity Cloud)

Slates for release in December, this adds many of the traditional PAM features directly into Okta WIC. Starting with managing access to privileged accounts, for limited periods of time, letting you even work with zero standing privileges if you like, but also encompassing features like session capture and password vaulting. All this while integrating closely with Okta Identity Governance and other parts of the Okta platform. 

 Identity Threat Protection with Okta AI (WIC)

Today, most security is focused on verifying the user and the access upon initial authentication when the user starts a session involving a service or system. Okta are looking to make this more of a continuous exercise, where you also throughout a session are being re-evaluated, and where new signals that have been picked up since the start are brought into the evaluation and then acted upon.

A lynchpin to all this is the introduction of actual Single Logout, where, given particular circumstances, e.g. an account compromise, Okta WIC can specifically sign you out from all downstream services and applications, nullifying sessions and stopping a potential harmful attack dead in its tracks. In other circumstances, you might wish to prompt the user to authenticate with higher-quality MFA or give a notification to your security team so they can follow up in a suitable manner.

 Okta Identity Governance Entitlement Management (WIC)

Slated for General Availability in Q4 this year, entitlement management will give you the option of directly linking your Okta users and groups to end system entitlements.

Earlier, this would be handling by using groups in Okta and then letting the integrations or end systems themselves figure out what those group memberships entailed, but now you can mix and match to make sure that your specific needs are met according to the management you wish to do on these resources.

 Passkeys (Customer Identity Cloud)

Passkeys are one the biggest developments within authentication is recent years, basically sidestepping so many of the problems and challenges inherent in traditional passwords. I won’t dig into the full presentation of passkeys here (that’s worthy of an article of its own), but Okta will be bringing support for passkeys to Okta CIC in the near future.

 Fine-Grained Authorization (CIC)

Okta CIC will be using Fine-Grained Authorization (FGA) to provide high resolution, targeted access control to any given resource or set of resources in a given service, tying different dimensions of access control together so that anyone managing it gets a perfect fit for what the users need and nothing more.

 Identity Flow Optimizer with Okta AI (CIC)

This is more of a long term thing, estimated for limited release late next year, but it’s too good to not mention. By analyzing the data and logs of your tenant, Okta CIC aims to give you recommendations on how to optimize your various identity flows, to lessen end-user friction and make sure that you get as much as possible in end-user value without making unacceptable security compromises along the way.