Here's My 5 Key Takeaways From #Oktane19 In San Francisco for 2019

What a week and what an experience in San Francisco for their yearly #Oktane conference which was jam-packed with events over 3 days. A special thanks to @Deloitte for sending me over with the wider identity team from Melbourne and Sydney and @Okta. Here's my take on #Oktane19 and key points

Alex Gallacher

Apr 15, 2019 — 8 min read

Oktane19's opening keynote with Okta's CEO Todd Mckinnon on stage

Travelling to San Francisco for Okta's Oktane19 Conference was a blast!

I was fortunate to travel to #Oktane19 up on the West Coast of the US in San Francisco where I explored what's next for Okta in the coming year.

Here's my take on #Oktane19 and key points I took away from the conference and the key trends in our cyber industry.

Union Square hotel on sunny day in San Francisco day before Oktane19 — Sunday Morning @ Union Square San Francisco

I was lucky enough to be part of the team @Deloitte that was awarded two awards on the first night, winning both the Okta APAC Partner of the Year award and GSI (Global Systems Integrator) Partner of the Year which is a massive achievement for the whole team.

Union square in San Francisco at dusk before Oktane19 — San Francisco On Sunday Evening, This Was The Only Sunny Day

This year @Okta's, CEO Todd McKinnon announced a tonne of updates through the company opening keynote which was distilled into 5 key takeaways for the coming year. With over 4,000 people in the audience, the core theme behind this year's Oktane conference is that Trust is the new frontier in technology and without it, technology won't reach its full potential.

"Trust is the new frontier, Identity is key to security and key to the user experience. It’s the connection between people and technology. Trust is about how people feel and identity is key to trust. It’s all connected and the foundation is user trust" in opening from Todd McKinnon the CEO of Okta

5 Key Takeaways

Todd McKinnon introducing Oktas Webhooks at Oktane19 — Todd McKinnon Introducing Okta Inline WebHooks

1) Inline Webhooks

Okta WebHooks is a new capability which will extend the ability of developers to further integrate their third-party solutions with the Okta Identity Cloud platform with the functionality being designed to cater for distributed microservice architecture currently in use across the industry. Some examples of such were E-Commerce platforms, Marketing automation platforms and CRM (Customer Relationship Management).

Okta's CEO Todd Mckinnon introducing Okta's identity platform introducing custom code options for inline webhooks — Todd McKinnon Exploring Custom Code Integration Options

Naturally, all this is an outbound call from Okta to a piece of custom code which is triggered at specific points on the Okta identity process flows but it provides a degree of flexibility that was not originally provided by Okta allowing for even more integration points and use-cases to be catered for.

There are some great use cases that already exist that could be tacked on to existing identity services for organisations, such as looking at the legitimacy of emails signing up to e-Commerce or Enterprise platform before creating the user to identify potential fraudulent activity or providing specific alerting and notification of identity-related events to the business.

Okta Web Hooks diagram performing a inline hook to an external service — Inline Web Hook With Okta And External Service

During the execution of an Okta process flow, at the extension point between points A and B, Okta sends a request to the external service.
The external service performs some processing.
The external service sends a response back to Okta.
Okta receives the response, acts on any commands it includes, and resumes the process flow that originally triggered the inline hook.

I would be interested to see if this idea of In-Line Hooks originally came from Joel's blog post or commit 2 years ago and pitched as an internal development project

Todd McKinnon introducing Okta's strategy of connecting everything — Todd Mckinnon Connecting Everything

No doubt there will be some great technical use cases to follow as the platform looks to expand its integrations network from 60,000 to more than 600,000 Integrations as a core strategic move.

Todd McKinnon introducing Okta strategy to integrate over 600,000 applications into its Web application repository — Todd McKinnon Announcing Okta Is Looking Towards Over 600,000 Integrations From The Current 60,000

2) Advanced Server Access

The Zero Trust framework as people like to call it sounds a lot more interesting than it probably is. The core idea around Zero Trust is that access to corporate resources should be restricted until the user has proven their identity and access permissions. Okta is trying to make this a reality with their recent acquisition of ScaleFT

Okta at the core of managing business and customer access and identity — Okta Wants To Be That Core Platform That Controls Authentication & Authorisation To Everything

The premise of the solution lies around the fact that today, organisations are struggling to keep track of who has the keys to access servers running mission-critical workloads and storing valuable data, and are woefully limited when it comes to provisioning and de-provisioning powerful administrative accounts. This problem is now compounded by organisations moving towards and heavily relying on multi-cloud infrastructure such as AWS (Amazon Web Services), GCP (Google Cloud Platform) and Microsoft Azure which leads the business with limited visibility across their infrastructure and no centrally controlled way of securing their hybrid environment which is traditionally very costly and time-consuming.

The whole concept of this product is to provide Okta-driven identity security when accessing public and private cloud resources. This replaces static keys traditionally used to access these resources with Okta’s centralised identity security and administration, including a dynamic credentialing mechanism that allows contextual authentication of every login under one roof.

Identity has been a hot topic for several years with the advent of cloud technologies and with many businesses moving to a hybrid infrastructure approach to doing business. I think the time is now to shift this thinking towards PAM or (Privileged Access Management) which Okta is starting to do too.

3) Risk-Based Authentication

Okta's Risk-based authentication adds machine learning to the authentication processes, building an understanding of user behaviour to detect anomalies that may suggest an attempted exploit and an overall holistic understanding of a user's actions to invoke adaptive authentication to validate a user’s identity with additional verification steps or other actions that are required.

Todd McKinnon introducing Oktas Machine learning tool for authentication of logins — Todd McKinnon Announcing How The Machine Learning Algorithm Will Categorise A Login Event

Essentially the system works by building a profile on you and your authentication habits by analysing where you are authenticating from, what device you are on and whether you are on or off the network. Okta will then calculate a risk score which will be based on the contextual elements and will decide whether to allow you access, prompt you for another authentication factor or deny your access request altogether - pretty basic stuff but super functional from a fraud and malicious threat actor perspective.

4) Okta Identity Engine

The Okta Identity Engine is a new set of customisable building blocks that enable developers to adapt pre-defined authentication, authorisation and registration flow to meet their specific needs, shaping a user’s identity experience depending on the context. This is a great move by Okta as customers look to have an even faster and more seamless UX and UI journey and experience to perform specific functions.

Okta identity engines 5 step process — Okta's Identity Engine In Detail

What that essentially means is that as identity architects, we can create more seamless experiences for both Customer and Workforce use cases and start to further bridge the gap between user design and experience and those security requirements organisations need.

Okta introducing it's ability to deliver new catalogue experiences for customers — Delivering new UI experiences

A great example provided by Okta is a scenario where a fan buys a ticket to a game for the first time.

The fan goes to a ticketing website and decides to register in exchange for a first-time user discount. To register, the user is prompted to enter their name and email address.
Subsequently, an Event Hook pushes the user into the company’s email marketing system (e.g., Marketo or Salesforce). The user is now activated and can freely browse the website.
Sometime later, the user decides to make a purchase, at which time another set of flows can occur because a more sensitive experience is being accessed.
Starting with the click to purchase, the user is emailed a magic link to validate their email and register it as an authentication factor. Because the user has indicated higher engagement, the system can prompt for additional information, (known as progressive profiling), asking for geographic and other contextual information.
Once completed, the flow can authorise the user to use other company products, such as a payment app.

This provides Passwordless User, whereby we can create a user on the fly based on contextual information such as Device, Geo-location and Email, in which case a user is not asked to set up a password to not inhibit their browsing experience on an organisations website until they do a credible transaction that would require further security measures such as buying the ticket above. In this case, we can just prompt the user to set a password before purchasing the ticket through Progressive Profiling reducing the abandonment potential of a customer buying a service or product on our website.

5) Okta Ventures

Okta ventures is Okta's Investment fund providing $50 million to startups that are focused on technologies such as Artificial Intelligence and Blockchain to address challenges in Identity, Security, and Privacy.

One of the first businesses they chose to invest in was Trusted Key, a fascinating enterprise-wide solution built to prevent identity fraud, improve security and enhance the consumer experience with password-less authentication and transaction authorisation.

Oktane19 Guest Speakers & Sponsors

Throughout the time we were there, there were several guest speakers we heard from, telling us their own stories and ideas for the future:

Sir Time Berners-Lee Inventor Of The World Wide Web giving Oktane19 keynote — Sir Time Berners-Lee Inventor Of The World Wide Web #1

Sir Tim Berners-Lee Inventor Of The World Wide Web opening statements at Oktane19 keynote — Sir Tim Berners-Lee Inventor Of The World Wide Web #2

Frank Abagnale presenting the keynote at Oktane19 about his Cyber Security and Fraud Prevention career and being the Original Catch Me If You Can. — Frank Abagnale - Cyber Security and Fraud Prevention Expert. The Original Catch Me If You Can. All The Movies And Stories Were Based On Frank Who's Been Working For The FBI For The Last 40 Years!

A large number of partners showed up for the event and were situated around the massive conference floor for conversations - some super interesting ideas and innovations coming into the mix!