Multi-Factor Authentication for OKTA Users

Multi-Factor Authentication (MFA) is becoming increasingly important in today’s highly connected world. With cybersecurity threats on the increase, MFA adds a valuable layer of login data security that is especially difficult for hackers to circumvent.

Most people have used MFA at one time or another, even if they may not be familiar with the terminology. By requiring users to provide two means of authentication, including both a password and some other means of identification such as a fingerprint or an electronically generated authentication code, MFA provides a powerful additional layer of security.

Unfortunately, many users are overwhelmed with the task of managing logins and passwords for all of the various websites, applications, and systems that they use on a regular basis. As a result, it’s fairly common that a user will enter duplicate credentials across two or more systems. This encourages hackers to trade in stolen user IDs and passwords and attempt to use those credentials on multiple sites and systems in hopes of gaining access to one or more of them.

This strategy is frequently successful, and it’s especially concerning in the case of financial institutions, e-commerce websites, and other systems that give thieves an opportunity to walk away with a substantial amount of money, stolen merchandise, or sensitive personal data. MFA is an important and very effective defensive measure.

OKTA’s MFA Solution

Many of the largest businesses in the world have selected OKTA as their MFA provider of choice. The company occupies a coveted space in Gartner’s Magic Quadrant for Access Management, having achieved that status for the fourth year in a row as of 2020. In fact, Gartner described OKTA as “the only vendor that has consistently been a Leader since the inception of Gartner’s evaluation of the identity space.” Forrester Research, likewise, has recognized OKTA for its leadership position in its “Zero Trust eXtended Ecosystem Platform Providers” report for 2019.

It is a bit surprising, therefore, that OKTA’s MFA product offering does not support one of the most popular and enduring mainframe platforms on the market, IBM i systems. In fact, we still encounter quite a few knowledgeable IT professionals who are not even aware that MFA can be implemented on IBM i systems at all.

There’s some good news for companies that have chosen OKTA as their MFA solution, though; Precisely’s Assure MFA supports IBM i natively and can serve as a complementary solution to OKTA’s MFA. By pairing Assure MFA with OKTA, enterprises can continue running their established MFA solution while extending their users’ login capabilities to provide access to IBM mainframe systems.

Assure MFA: Multiple Levels of Access for IBM i

MFA is an especially powerful tool in the battle to stay ahead of cyber-criminals. Over and over, it has proven to thwart attacks. This is especially true in cases where credentials (user IDs and passwords) have been stolen.

There is tremendous value in having an integrated MFA that works alongside OKTA, but Assure MFA from Precisely addresses a number of more sophisticated use cases for IBM i. This includes some scenarios that call for special consideration, such as elevated user privileges. Assure MFA works in conjunction with Assure Elevated Authority Manager for MFA when providing elevated privileges to a non-privileged profile. This affords companies substantial additional flexibility and control with respect to which users have access to specific capabilities in the IBM i system. In addition, Assure enables administrators to provide multi-factor authentication control over IBM i command-line execution.

Because Assure MFA is designed with the specific requirements of IBM i systems in mind, it can be used to ensure that only approved users are allowed to view or update specific files or to run selected commands.

Assure MFA Adds IBM i Support to a Wide Range of MFA Solutions

What if your organization is using something other than OKTA? If your company has deployed DUO Authenticator, Microsoft Azure Authenticator, or any other MFA product that supports a RADIUS server, you can integrate it with Precisely Assure MFA to extend the technology you’ve already implemented in your organization to include protection of your IBM i systems.

Whether your organization is using OKTA or another RADIUS-compatible MFA platform, Precisely can help you extend your security authentication controls to IBM i mainframes. To learn more read our whitepaper Multi-Factor Authentication for IBM i.