extending active directory to box for seamless it management

Box à Active Directory with Okta

Agenda

-  Introduction to Okta and Box -  AD Integration with Okta -  New Offer from Box and Okta

okta confidential 2

IT is Going Through a Radical Transformation…

okta confidential 3

App

licat

ions

Employees, One Desktop

Use

rs

On Premises Increasingly In The Cloud

Consumerization of IT & Post-PC devices

Cross- company collaboration

…That Transformation Causes New Problems

okta confidential 4

App

licat

ions

U

sers

User store

okta confidential 5

okta confidential 6

okta confidential 7

okta confidential 8

okta confidential 9

Modern Identity & Access Management

okta confidential 10

•  First true Cloud IAM service •  Full suite of IAM features (SSO, provisioning, analytics) •  Bridges existing user stores (AD / LDAP) to the cloud

Modern Identity Management

Veteran Team

Strong Customer Success

A simple vision.

Share, manage, and access your content from anywhere.

The Market is Transforming IT Moves to the Cloud

Consumeriza@on of IT

Everyone is Sharing and Collabora@ng

What We Expect From our Apps Now

100% cloud-‐based for low cost and easy maintenance

✔ ✔

✔ ✔ Works on any mobile device

Fully flexible, but compliant with your IT policies

Secure, trusted, scalable, and always available

The New Enterprise Apps Checklist:

MANUFACTURING & INDUSTRIAL

INTERNET & HIGH TECH

ENTERTAINMENT & MEDIA

SERVICES EDUCATION & NON-‐PROFIT

RETAIL

Customers Love Using Box

Our PlaWorm

A Vibrant Ecosystem

300M Monthly API Calls

220+ Applica@ons

8,000+ App Developers

Box Partners

Users IT

Superior Solu@on for Users and IT

ü  Easy to use ü  Accessible anywhere ü  Streamlines sharing

ü  Enterprise grade security ü  Simple to deploy and maintain ü  Lower TCO

Agenda



Active Directory Integration - Overview

Remote users authenticate with AD username and password

1 Local users transparently authenticate using Integrated Windows Authentication

2

Access policies driven by AD security groups

3

Remote/Mobile Employees

Active Directory

Employees

Okta Agent(s)

Group Sales

Firewall


Active Directory Integration - Benefits

Remote/Mobile Employees

Active Directory

Employees

Okta Agents

Group Sales

• Simple agent install, no network configuration required • Multiple agents supported for HA authentication

Easy to Use, Just Works

• Scheduled or Manual Import of Users • Automatic De-Activation in Okta of Disabled/Deleted Users • Delegate Authentication for Okta to AD

Broad Functionality

•  Integration into Windows Desktop Login Tight Windows Integration

Remote users authenticate with AD username and password

1 Local users transparently authenticate using Integrated Windows Authentication

2

Access policies driven by AD security groups

3


Integrating Active Directory

Download AD Agent, Install on Windows Machine

1 Configure Agent:

Directory Location, Credentials, Sync Interval

3 Configure

import rules

4

Internet Firewall Your Network

AD Domain Controller

Okta Agent (On Windows Server)

https://yourcompany.okta.com

2 •  Enter Okta URL and credentials •  HTTPS from company to Okta •  No firewall configuration necessary


Import Options

• Confirm and Activate on Login


Ongoing AD User Synchronization





3 Users provisioned, de-provisioned; application assignments based on security group membership

AD Agent Scans AD for changes and makes HTTPS request to upload to Okta

1

Okta receives update, processes user and group changes

2


Delegated Authentication to AD





User logs into https://yourcompany.okta.com using Okta username & AD password 1 Okta communicates to AD Agent via persistent

connection to validate password 2

Agent responds with success or failure

3 Okta returns Box homepage (success) or failure message

4

Inside/Outside Network


Desktop SSO

Firewall

2

1


Get To Box with NO Login Page • User logs on to domain • Can then access Box with no additional login

Secure: Uses Integrated Windows Authentication (Kerberos)

Easy to deploy: Leverages light weight agent running under IIS

Okta IWA Agent


Integrated Multifactor Authentication

•  Security question •  Smart phone Soft Token •  Can integrate with 3rd party MFA products

•  Flexible policy •  Self service configuration •  Fully integrated as part of the Okta service

•  Phishing •  Guessed passwords •  Key loggers


Case Study


Enterasys - Key Challenges

-  Security -  BYOD, BYOA, Consumerization -  “Cloud First” IT strategy -  Increasing number of cloud apps, rapid move to

the cloud -  No existing SAML infrastructure for single sign-on -  Application Adoption Metrics

29

Okta @ Enterasys

30

Enterasys - Key Benefits Realized

-  User Benefits -  My Applications page -  Desktop SSO using Integrated Windows Authentication (IWA) -  One password through AD integration -  Consistent Access from any device (BYOD)

-  IT Benefits -  Security -  Ability to monitor application adoption -  User deprovisioning -  AD integration, Groups

31

Agenda



New Offering from Okta and Box

-  Use Okta to Connect Box to Active Directory -  Secure Access to Box -  Reduce Administration Costs for Box

-  Do all of this for FREE okta.com/box


Many customers use Okta + Box together today


Enterprise SaaS Technology Life

Sciences Online

Services Mfg, Legal,

Finance

Why this new offering?

-  Solves a common requirement for Box users (integrate Box with Active Directory) -  But now lets you do so for Free

-  Introduces Okta to more enterprises. All of you will use more cloud apps in the future, and we want to be the partner you turn to.

-  It’s very easy to expand Okta to cover the rest of your applications.


Call To Action

Get a free Okta account for Box here: www.okta.com/box Questions? Ryan Carlson, Okta [email protected] Brian Dirking, Box [email protected] okta confidential 36