Welcome to the latest instalment of the Okta Secure Identity Product Blog Series, where we delve into the world of identity security and explore the features that make Okta a powerful tool for businesses. Today, we're focusing on Device Logout, Identity Threat Protection, and Okta Device Access.
Device Logout, a new feature in Okta Device Access, allows organisations to log out risky or inactive users remotely. This is a crucial step in maintaining the security of your corporate devices and ensuring that only legitimate individuals have access.
Device Logout itself is part of Okta Device Access and can be triggered manually or by user lifecycle events on its own. To trigger it automatically for a risky user, you also need Identity Threat Protection in your Okta tenant: the automatic, risk-based path is driven by an Identity Threat Protection entity risk policy.
Okta Device Access extends identity security to corporate devices, offering features like Desktop MFA, Desktop Password Sync, Just-in-Time Local Account Creation, and more. With Device Logout, it is now possible to log users out of macOS devices remotely in response to security or lifecycle events, such as credential compromise or offboarding.
Device Logout works by ending the user's session on the device and forcing them to reauthenticate, so their access is re-evaluated against current policy instead of persisting on the strength of an old login. This helps ensure that users only have access to the resources they require and under the right circumstances, reducing the risk of privilege creep and insider threats.
The integration with Identity Threat Protection takes Device Logout a step further. Identity Threat Protection continuously assesses identity risk signals from Okta and third parties via its AI-powered risk engine. When a risk policy is triggered, Identity Threat Protection can automatically initiate a Universal Logout (signing the user out of all devices and applications) or trigger delegated flows through Okta Workflows to remediate threats.
Universal Logout complements Device Logout by revoking sessions and tokens not only in Okta but across federated applications and API tokens, providing a comprehensive session termination capability for Adaptive MFA customers.
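The paragraphs above describe Universal Logout from the Okta side. The piece a practitioner usually has to build is the receiving side in a federated application: an endpoint that accepts a revocation request for a subject and tears down every session and refresh token it holds for that subject. The example below is added here and is not Okta's code; it assumes the request shape of the Global Token Revocation draft that Okta's Universal Logout uses for downstream apps (a POST with a bearer token and a JSON body `{"sub_id": {"format": "email", "email": ...}}`), and the in-memory `Store`, the shared token and the sample sessions are constructed stand-ins for an application's real session database.

```python
"""Receiving side of a Universal Logout request (added example, not Okta's code).

Assumptions (not from the blog post): the identity provider calls
POST /global-token-revocation with a bearer token it was issued when the
integration was configured, and a body of the form
    {"sub_id": {"format": "email", "email": "user@example.com"}}
Response codes follow the Global Token Revocation draft: 204 on success,
404 when the subject is unknown, 400 for malformed input, 401 for bad auth.
"""
import hmac
import json
import time
from dataclasses import dataclass, field

SHARED_TOKEN = "constructed-shared-secret"  # constructed; real value comes from config


@dataclass
class Store:
    """Constructed in-memory stand-in for an app's session/token database."""
    sessions: dict = field(default_factory=dict)        # session id -> subject email
    refresh_tokens: dict = field(default_factory=dict)  # refresh token -> subject email
    revoked_at: dict = field(default_factory=dict)      # subject email -> revocation time

    def known(self, email):
        return email in self.sessions.values() or email in self.refresh_tokens.values()

    def revoke_subject(self, email):
        """Drop every session and refresh token for one subject; return how many."""
        n = 0
        for sid in [s for s, e in self.sessions.items() if e == email]:
            del self.sessions[sid]
            n += 1
        for tok in [t for t, e in self.refresh_tokens.items() if e == email]:
            del self.refresh_tokens[tok]
            n += 1
        # Access tokens are bearer tokens that cannot be recalled, so record the
        # revocation time and reject any access token issued before it.
        self.revoked_at[email] = time.time()
        return n


def _bearer_ok(headers, expected):
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return False
    # Constant-time compare so the token cannot be guessed byte by byte.
    return hmac.compare_digest(auth[len("Bearer "):], expected)


def handle_revocation(headers, raw_body, store, expected_token):
    """Process one revocation request; return (http_status, json_body_or_None)."""
    if not _bearer_ok(headers, expected_token):
        return 401, {"error": "unauthorized"}
    try:
        sub = json.loads(raw_body)["sub_id"]
        if sub["format"] != "email":
            return 400, {"error": "unsupported subject format"}
        email = sub["email"].strip().lower()  # normalise before matching
    except (ValueError, KeyError, TypeError, AttributeError):
        return 400, {"error": "malformed request"}
    if not store.known(email):
        return 404, {"error": "unknown subject"}
    store.revoke_subject(email)
    return 204, None


def access_token_valid(store, email, issued_at):
    """An access token is only honoured if issued after the subject's last revocation."""
    return issued_at > store.revoked_at.get(email, 0)


def make_body(email):
    return json.dumps({"sub_id": {"format": "email", "email": email}})


def demo():
    """Run the endpoint against constructed sessions and return what happened."""
    store = Store(sessions={"s1": "alice@example.com", "s2": "bob@example.com"},
                  refresh_tokens={"r1": "alice@example.com"})
    hdr = {"Authorization": "Bearer " + SHARED_TOKEN}
    out = {}
    out["no_auth"] = handle_revocation({}, make_body("alice@example.com"), store, SHARED_TOKEN)[0]
    out["bad_json"] = handle_revocation(hdr, "{", store, SHARED_TOKEN)[0]
    out["unknown"] = handle_revocation(hdr, make_body("nobody@example.com"), store, SHARED_TOKEN)[0]
    issued_before = time.time()  # an access token Alice obtained before the logout
    out["revoked"] = handle_revocation(hdr, make_body("Alice@Example.com"), store, SHARED_TOKEN)[0]
    out["remaining_sessions"] = dict(store.sessions)
    out["remaining_refresh"] = dict(store.refresh_tokens)
    out["alice_old_token_valid"] = access_token_valid(store, "alice@example.com", issued_before)
    out["bob_token_valid"] = access_token_valid(store, "bob@example.com", issued_before)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two design points matter in practice. The handler authenticates the caller before it parses anything, and only revokes after the subject is matched in normalised form, so a mixed-case email from the identity provider still hits the right account. Because bearer access tokens cannot be pulled back once issued, the store records a per-subject revocation timestamp and the resource side must check it on every request; without that check, a Universal Logout only kills sessions and refresh tokens while short-lived access tokens keep working until they expire.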
Device Logout can be triggered in four ways:
- manually by an admin for a specific user;
- automatically when a user is deactivated or suspended in Okta;
- automatically for a risky user, by configuring an Identity Threat Protection entity risk policy;
- manually by an admin when clearing user sessions from the user's profile page.
By automating these actions through policies, organisations can define clear rules that grant and revoke user access based on user status, context, risk level, and minimum requirements, without waiting for an admin to notice and act.
Cynthia Luu, Principal Product Marketing Manager of Okta Workforce Identity Cloud, discusses the effectiveness of automating actions through policies in building robust and comprehensive security. Prior to joining Okta, Cynthia managed IBM's portfolio of data protection solutions, initiatives on Zero Trust and data privacy, and their market development and customer insights programs.
Visit the product web pages to learn more about Okta Device Access and Identity Threat Protection. For more information about Device Logout, refer to the product documentation. By implementing Device Logout and Identity Threat Protection, you can ensure that sessions belonging to compromised or at-risk users and devices are quickly invalidated, and that user access is tightly controlled across endpoints and applications.
- Okta's Device Logout feature, part of Okta Device Access, enables organizations to log out risky or inactive users remotely from corporate devices, enhancing security and access management.
- Device Logout can be triggered manually or on user deactivation on its own; automatically logging out a risky user additionally requires Identity Threat Protection in the Okta tenant, configured through an Identity Threat Protection entity risk policy.
- Okta Device Access, in addition to features like Desktop MFA and Desktop Password Sync, allows macOS users to be logged out remotely in response to security or lifecycle events.
- Device Logout secures user access by forcing users to reauthenticate, reducing the risk of privilege creep and insider threats.
- The integration of Identity Threat Protection with Device Logout further enhances security by continuously assessing identity risk signals to automatically initiate a Universal Logout or remediate threats.
- Universal Logout complements Device Logout by revoking sessions and tokens not just in Okta, but across federated applications and API tokens, providing a comprehensive session termination capability for Adaptive MFA customers.