A major authentication issue for organizations is managing separate credentials for many different web applications. Traditionally, web app authentication requires a unique and complex set of credentials to ensure only those with approved access can log in. However, this can lead to inefficiencies in a company and bottleneck an IT department. People forgetting their passwords or losing their credentials is a major hassle.
Luckily, Okta enables the use of one set of credentials to access all web applications within a network. This can be taken to another level by configuring users to authenticate with certificates.
Okta accomplishes authentication to web apps through the use of PIV (Personal Identity Verification). Each user in the organization is issued a physical smart card configured with identifying information that is used for authentication. Often, the PIV card is paired with a PIN to provide multiple factors of authentication, which is much more secure.
Unfortunately, even with both the PIV and the PIN, credentials are more vulnerable than certificates. Credential-based authentication doesn’t stand a chance against over-the-air credential theft, which can be eliminated by configuring certificate-based authentication.
Combining SecureW2 with Okta SSO allows you to use certificates without having to struggle with any complicated configuration.
Okta SSO With Certificates
The process of manually enrolling certificates for SSO is involved and mistake-prone, especially if left for network users to complete. It requires a high level of IT knowledge to understand and presents many opportunities for misconfiguration. To ensure accurate configuration, we recommend you utilize SecureW2’s JoinNow MultiOS onboarding software.
The JoinNow solution allows users to self-configure by completing only a few steps designed to simplify the user experience.
To set up with SecureW2:
- From the SecureW2 management portal, under PKI Management, select Certificate Authorities.
- Download your Root and Intermediate Certificate Authorities.
- Combine your Root and Intermediate Certificate Authorities and save as a .pem file.
- Under Users, go to Social and Identity Providers.
- Go to Add Identity Providers.
- Upload your combined CAs to the Certificate Chain.
- Configure the IdP username as shown in the screenshot.
- Match against Okta Username.
Congrats! You are now properly configured for certificate SSO authentication.
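A pre-upload check for the "combine your Root and Intermediate" step above, as an added example that is not SecureW2's or Okta's own tooling. It assumes OpenSSL is installed, uses hypothetical function and file names (build_ca_bundle, make_demo_cas, ca-chain.pem), generates constructed throwaway CAs in place of the downloaded ones, and writes the intermediate before the root, an order the steps do not specify.

```bash
#!/usr/bin/env bash
# Added example: sanity-check and build the combined CA .pem before upload.
# File and function names are hypothetical; the demo CAs are constructed.

# build_ca_bundle ROOT INTERMEDIATE OUT
build_ca_bundle() {
  local root=$1 inter=$2 out=$3 f
  for f in "$root" "$inter"; do
    # A CA bundle must never carry key material.
    if grep -q 'PRIVATE KEY' "$f"; then
      echo "refusing: $f contains a private key" >&2; return 1
    fi
    # Each file must parse as X.509 and be marked as a CA.
    openssl x509 -in "$f" -noout -text 2>/dev/null | grep -q 'CA:TRUE' || {
      echo "refusing: $f is not a CA certificate" >&2; return 1; }
  done
  # The intermediate must verify with the supplied root as a trust anchor
  # (OpenSSL may also consult the system trust store).
  openssl verify -CAfile "$root" "$inter" 2>/dev/null | grep -q ': OK$' || {
    echo "refusing: $inter does not verify against $root" >&2; return 1; }
  # Re-encode each certificate so the bundle has clean PEM framing.
  # Assumed order: intermediate, then root (the steps do not specify one).
  { openssl x509 -in "$inter"; openssl x509 -in "$root"; } > "$out"
}

# make_demo_cas DIR: constructed throwaway root and intermediate, demo only.
make_demo_cas() {
  local d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' \
    > "$d/ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -extensions v3_ca -subj '/CN=Constructed Demo Root' \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj '/CN=Constructed Demo Intermediate' \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -extfile "$d/ca.cnf" -extensions v3_ca \
    -out "$d/int.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_cas "$demo"
build_ca_bundle "$demo/root.pem" "$demo/int.pem" "$demo/ca-chain.pem" &&
  echo "bundle written with $(grep -c 'BEGIN CERTIFICATE' "$demo/ca-chain.pem") certificates"
```

To use it on real files, call build_ca_bundle with the root and intermediate certificates downloaded from the portal and upload the file it writes.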
Make Okta Certificate SSO Easy With SecureW2
By adding certificate capability to Okta SSO, an organization is able to offer pinpoint security while improving the user experience. Certificate-based authentication protects against over-the-air attacks and prevents a user’s identity from being exploited by another. If you’re interested in adding SecureW2’s #1 rated service, check out our pricing page.
*** This is a Security Bloggers Network syndicated blog from SecureW2 authored by Eytan Raphaely. Read the original post at: https://www.securew2.com/blog/okta-certificate-authentication-sso/