Securing AWS EC2 instance with Okta

  • Use case Overview
  • Solution
  • Prerequisites
  • Benefits
  • Reference Links

Use case Overview

The organization needs a modern, secure, and fully auditable approach to managing access to its AWS environment. This includes centralizing and controlling AWS Console authentication, enforcing granular least-privilege permissions, and giving administrators a unified way to reach all AWS EC2 servers. Traditional EC2 key-pair-based server access creates operational overhead and security risk, so the organization aims to eliminate static keys in favor of identity-based, short-lived access. Complete visibility into user activity, including session recordings and detailed audit trails, is also essential to support compliance requirements, streamline troubleshooting, and strengthen security governance across AWS workloads.

Solution

By integrating AWS with Okta and Okta Privileged Access (OPA), the organization can centralize and secure AWS Console authentication through Okta SSO with MFA, while implementing granular, least-privilege access by mapping Okta groups to AWS IAM roles via SAML.

OPA further streamlines operations by providing a unified portal for accessing all AWS EC2 instances without static SSH or RDP key pairs; instead, it issues short-lived, identity-bound certificates for every connection. This keyless access model removes the operational and security burden of key management. Combined with OPA's session recording and server-level audit capabilities and Okta's authentication logs, the organization gains full visibility into who accessed what, when, and which actions were performed across all AWS resources.
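The SAML mapping described above rests on each IAM role's trust policy, which is where the "only through Okta, with the AWS audience pinned" property is enforced. The following Python check is an added example, not code from the original page or from Okta or AWS: it flags roles whose trust policy lacks the SAML audience condition or allows a non-SAML assume path that would bypass Okta SSO and MFA. The account ID, the provider name "Okta", and both sample policies are constructed placeholders.

```python
import json
# Assumed placeholders: AWS account 123456789012 and an IAM SAML provider named "Okta".
SAML_PROVIDER_ARN = "arn:aws:iam::123456789012:saml-provider/Okta"
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"  # fixed audience AWS expects

# Constructed sample: trust policy of a role that Okta groups are mapped to.
GOOD_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/Okta"},
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}}
  }]
}""")

# Constructed weak variant: no audience condition, plus a direct AssumeRole path.
WEAK_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRoleWithSAML",
     "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/Okta"}},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::123456789012:root"}}
  ]
}""")

def check_saml_trust_policy(policy, provider_arn=SAML_PROVIDER_ARN):
    """Return findings for a role trust policy; an empty list means the role is
    reachable only via the expected SAML provider with the AWS audience pinned."""
    findings = []
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principal = st.get("Principal", {})
        if "sts:AssumeRoleWithSAML" in actions:
            if principal.get("Federated") != provider_arn:
                findings.append(f"statement {i}: unexpected federated principal {principal}")
            aud = st.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
            if aud != AWS_SAML_AUDIENCE:
                findings.append(f"statement {i}: SAML:aud condition missing or wrong ({aud})")
        else:
            # Any other assume path skips Okta SSO + MFA and the group-to-role mapping.
            findings.append(f"statement {i}: non-SAML assume path via {principal} for {actions}")
    return findings
```

Run it over the trust policies of every SAML-federated role (for example, as pulled by an inventory script) to confirm the Okta group-to-role mapping is the only way in.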

Prerequisites

  • Super admin privileges for the Okta tenant.
  • Admin access to Okta Privileged Access.
  • Admin support or access to the AWS Console.
  • Admin access to the target EC2 servers.

Theoretical Demonstration

Please watch the video to understand how AWS and AWS EC2 instances can be secured with Okta.

Technical Demonstration

Watch a streamlined demo showing how to manage identities with Okta and secure both the AWS Console and EC2 instances using step-up MFA factors along with session recording, improving efficiency, security, and auditability.

Benefits

  • Centralized and secure AWS Console access
  • Granular, least-privilege access control
  • Unified access to all AWS accounts and EC2 servers
  • Elimination of the key pairs used to access EC2 instances
  • Comprehensive session recording

Reference Links

Okta Privileged Access | Okta Identity Engine

Configure SAML and SCIM with Okta and IAM Identity Center – AWS IAM Identity Center

Duo Two-Factor Authentication for SailPoint Identity Security Cloud

What is Duo

Duo is a two-factor authentication solution that helps organizations boost security by verifying user identity, establishing device trust, and providing a secure connection to company networks and applications.

Why Duo

Duo is fast, easy, and flexible. Passwords and even basic Multi-Factor Authentication (MFA) are not enough to keep you safe from today's attackers. Duo adds the extra layers of protection needed for secure access management. With this setup, Duo two-factor authentication (2FA) is added as a verification option for account unlocking and password resets.

Prerequisites to integrate Duo

  1. Configure the SailPoint web application and copy the Client ID, secret, and hostname; these details are required for the SailPoint integration.
  2. Add users and enroll them in the application. Each user must have an account in SailPoint.

Technical Overview:

Here is the technical demonstration of the Duo integration.

Use case Demonstration – Integration flow:

Please refer to the video below for an overview of the Duo integration.

SailPoint configuration

  1. Perform the following steps in the SailPoint tenant for the Duo integration.
  2. First, in SailPoint, integrate Duo and then run the test connection; continue once the test connection succeeds.
  3. Enable multifactor authentication in the identity profile.
  4. Select Duo Web under Password Reset and Unlock Settings.
  5. You are now ready to use Duo authentication.

Duo 2FA for Identity Security Cloud password reset

  1. With the Duo integration, a user can reset their own password.
  2. First, the user proceeds to reset the password.
  3. Enter the username.
  4. Then enter the passcode received from Duo; after successful Duo authentication, a new password can be set.

Duo 2FA for Identity Security Cloud account unlock

  1. If the user account is locked, the user can unlock it with the Duo integration.
  2. First, the user proceeds to unlock the account.
  3. Enter the username.
  4. After successful Duo authentication, the account is unlocked.


A Deep-Dive into Okta Sign-On Policies

  • Introduction
  • Use case Overview
  • Use case Demonstration
  • Challenges
  • Conclusion
  • Reference Links

Introduction:

In today's digital landscape, organizations rely on many applications to enhance productivity, which requires secure access for a diverse workforce, including remote employees and contractors. To secure access for remote workers using new devices, implementing Multi-Factor Authentication (MFA) is essential. When a sensitive application is accessed from an unrecognized device, Okta prompts for MFA, requiring an additional authentication step such as a one-time password or biometric verification. Administrators can define contextual, behavior-based sign-on policies to determine when MFA is required, which strengthens security and reduces the risk of unauthorized access, while every attempt is logged for monitoring and auditing.

Use case Overview:

Please refer to the video below for an overview of Okta Sign-On Policies, focusing on their structure, their functionality, and how they enhance security using contextual behavior detection.

Use case Demonstration:

This demonstration offers a comprehensive overview of Sign-On Policies in Okta, illustrating their practical application with a common scenario involving WFH / remote employees.

Challenges:

In general, many organizations encounter various challenges in user access management:

  • Securing access for remote employees, contractors, and full-time staff who require varying levels of access to applications.
  • Ensuring consistent user attributes and access permissions across all applications.
  • Demonstrating compliance with security standards by implementing strong access controls and monitoring user activity.
  • Minimizing the administrative overhead of managing user identities and access.

Conclusion:

Implementing Okta for centralized security management enables organizations to leverage the platform's robust features and benefits. By setting up user groups, integrating applications, configuring session policies, and enabling MFA, companies can create a secure and efficient identity management system that meets their specific requirements.

Reference Links:

Global session policies | Okta Docs

Authentication policies | Okta Docs

Multifactor authentication | Okta Docs

Behavior Detection | Okta Docs

Risk scoring | Okta Docs