Extending Active Directory to Box for Seamless IT Management
DESCRIPTION
As organizations move mission-critical files and data into Box, security and productivity become increasingly important. How can IT enable users to seamlessly access Box with their existing network credentials, or ensure that user accounts are automatically provisioned and deprovisioned as employee roles change? Historically, Active Directory has been core to application security and productivity. However, Active Directory was built for on-premises networks and does not easily integrate with cloud applications like Box. Okta’s Active Directory integration service bridges this gap, takes only moments to set up, and best of all… is FREE! This webinar will discuss Okta’s free Directory Integration Edition for Box, and how it can deliver the following benefits:
- Single sign-on with federation or delegated authentication
- Automated provisioning & de-provisioning via Security Groups
- True end-to-end provisioning from HRIS systems like Workday
- Password synchronization
- Multifactor authentication
TRANSCRIPT
Box → Active Directory with Okta
Agenda
- Introduction to Okta and Box
- AD Integration with Okta
- New Offer from Box and Okta
okta confidential 2
IT is Going Through a Radical Transformation…
[Diagram. Axes: Applications; Users. Labels: On Premises; Increasingly In The Cloud; Employees, One Desktop; Consumerization of IT & Post-PC devices; Cross-company collaboration]
…That Transformation Causes New Problems
[Diagram. Labels: Applications; Users; User store]
Modern Identity & Access Management
• First true Cloud IAM service
• Full suite of IAM features (SSO, provisioning, analytics)
• Bridges existing user stores (AD / LDAP) to the cloud
Modern Identity Management
Veteran Team
Strong Customer Success
A simple vision.
Share, manage, and access your content from anywhere.
The Market is Transforming
- IT Moves to the Cloud
- Consumerization of IT
- Everyone is Sharing and Collaborating
What We Expect From our Apps Now
The New Enterprise Apps Checklist:
✔ 100% cloud-based for low cost and easy maintenance
✔ Works on any mobile device
✔ Fully flexible, but compliant with your IT policies
✔ Secure, trusted, scalable, and always available
MANUFACTURING & INDUSTRIAL
INTERNET & HIGH TECH
ENTERTAINMENT & MEDIA
SERVICES
EDUCATION & NON-PROFIT
RETAIL
Customers Love Using Box
Our Platform
A Vibrant Ecosystem
300M Monthly API Calls
220+ Applications
8,000+ App Developers
Box Partners
Superior Solution for Users and IT
Users
✔ Easy to use
✔ Accessible anywhere
✔ Streamlines sharing
IT
✔ Enterprise grade security
✔ Simple to deploy and maintain
✔ Lower TCO
Agenda
- Introduction to Okta and Box
- AD Integration with Okta
- New Offer from Box and Okta
Active Directory Integration - Overview
1. Remote users authenticate with AD username and password
2. Local users transparently authenticate using Integrated Windows Authentication
3. Access policies driven by AD security groups
[Diagram. Labels: Remote/Mobile Employees; Firewall; Employees; Active Directory; Okta Agent(s); Group Sales]
Active Directory Integration - Benefits
Easy to Use, Just Works
• Simple agent install, no network configuration required
• Multiple agents supported for HA authentication
Broad Functionality
• Scheduled or Manual Import of Users
• Automatic De-Activation in Okta of Disabled/Deleted Users
• Delegate Authentication for Okta to AD
Tight Windows Integration
• Integration into Windows Desktop Login
1. Remote users authenticate with AD username and password
2. Local users transparently authenticate using Integrated Windows Authentication
3. Access policies driven by AD security groups
[Diagram. Labels: Remote/Mobile Employees; Employees; Active Directory; Okta Agents; Group Sales]
Integrating Active Directory
1. Download AD Agent, Install on Windows Machine
2. Enter Okta URL and credentials
   • HTTPS from company to Okta
   • No firewall configuration necessary
3. Configure Agent: Directory Location, Credentials, Sync Interval
4. Configure import rules
[Diagram. Labels: Internet; Firewall; Your Network; AD Domain Controller; Okta Agent (On Windows Server); https://yourcompany.okta.com]
Import Options
• Confirm and Activate on Login
Ongoing AD User Synchronization
1. AD Agent scans AD for changes and makes HTTPS request to upload to Okta
2. Okta receives update, processes user and group changes
3. Users provisioned, de-provisioned; application assignments based on security group membership
[Diagram. Labels: Internet; Firewall; Your Network; AD Domain Controller; Okta Agent (On Windows Server); https://yourcompany.okta.com]
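The synchronization steps on this slide, sketched as an added example that is not part of the original deck and is not Okta's agent code or API: it diffs two directory snapshots into deactivations and group-driven Box assignments. The `ADUser` model, the `APP_GROUPS` rule, the action names and the sample accounts are all hypothetical and constructed for illustration.

```python
# Added illustration; data model and action names are hypothetical, not Okta's API.
from dataclasses import dataclass

@dataclass(frozen=True)
class ADUser:
    sam: str                       # sAMAccountName
    enabled: bool
    groups: frozenset = frozenset()

# Constructed rule: membership in this AD security group grants the app.
APP_GROUPS = {"Box": "Sales"}

def reconcile(previous, current):
    """Diff two AD snapshots (dict: sam -> ADUser) into ordered actions.

    Revocations are emitted before grants so removed access never queues
    behind new assignments. "deactivate" implies loss of all app access.
    """
    deactivate, unassign, activate, assign = [], [], [], []
    for sam, old in previous.items():
        new = current.get(sam)
        if old.enabled and (new is None or not new.enabled):
            deactivate.append(("deactivate", sam))   # deleted or disabled in AD
    for sam, new in current.items():
        if not new.enabled:
            continue                                 # disabled: never assign
        old = previous.get(sam)
        was_active = old is not None and old.enabled
        if not was_active:
            activate.append(("activate", sam))
        for app, group in APP_GROUPS.items():
            had = was_active and group in old.groups
            has = group in new.groups
            if has and not had:
                assign.append(("assign", sam, app))
            elif had and not has:
                unassign.append(("unassign", sam, app))
    return sorted(deactivate) + sorted(unassign) + sorted(activate) + sorted(assign)

def demo():
    """Run the diff over two constructed snapshots."""
    sales = frozenset({"Sales"})
    before = {u.sam: u for u in [
        ADUser("alice", True, sales), ADUser("bob", True, sales),
        ADUser("carol", True, sales), ADUser("frank", True, sales)]}
    after = {u.sam: u for u in [
        ADUser("alice", True, sales),                       # unchanged
        ADUser("bob", False, sales),                        # disabled
        ADUser("frank", True, frozenset({"Engineering"})),  # left the group
        ADUser("dave", True, sales),                        # new hire (carol deleted)
        ADUser("erin", True)]}                              # new, not in Sales
    return reconcile(before, after)
```

The interval between a change in AD and the next scan is the window during which a disabled account can still hold access, which is why the sync interval configured on the agent matters for deprovisioning.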
Delegated Authentication to AD
1. User logs into https://yourcompany.okta.com using Okta username & AD password
2. Okta communicates to AD Agent via persistent connection to validate password
3. Agent responds with success or failure
4. Okta returns Box homepage (success) or failure message
[Diagram. Labels: Internet; Firewall; Your Network; Inside/Outside Network; AD Domain Controller; Okta Agent (On Windows Server); https://yourcompany.okta.com]
Desktop SSO
Get To Box with NO Login Page
• User logs on to domain
• Can then access Box with no additional login
Secure: Uses Integrated Windows Authentication (Kerberos)
Easy to deploy: Leverages lightweight agent running under IIS
[Diagram with callouts 1 and 2. Labels: Firewall; AD Domain Controller; Okta IWA Agent]
Integrated Multifactor Authentication
• Security question
• Smart phone Soft Token
• Can integrate with 3rd party MFA products

• Flexible policy
• Self service configuration
• Fully integrated as part of the Okta service

• Phishing
• Guessed passwords
• Key loggers
Case Study
Enterasys - Key Challenges
- Security
- BYOD, BYOA, Consumerization
- “Cloud First” IT strategy
- Increasing number of cloud apps, rapid move to the cloud
- No existing SAML infrastructure for single sign-on
- Application Adoption Metrics
Okta @ Enterasys
Enterasys - Key Benefits Realized
- User Benefits
  - My Applications page
  - Desktop SSO using Integrated Windows Authentication (IWA)
  - One password through AD integration
  - Consistent Access from any device (BYOD)
- IT Benefits
  - Security
  - Ability to monitor application adoption
  - User deprovisioning
  - AD integration, Groups
Agenda
- Introduction to Okta and Box
- AD Integration with Okta
- New Offer from Box and Okta
New Offering from Okta and Box
- Use Okta to Connect Box to Active Directory
- Secure Access to Box
- Reduce Administration Costs for Box
- Do all of this for FREE
okta.com/box
Many customers use Okta + Box together today
- Enterprise SaaS
- Technology
- Life Sciences
- Online Services
- Mfg, Legal, Finance
Why this new offering?
- Solves a common requirement for Box users (integrate Box with Active Directory)
- But now lets you do so for Free
- Introduces Okta to more enterprises. All of you will use more cloud apps in the future, and we want to be the partner you turn to.
- It’s very easy to expand Okta to cover the rest of your applications.
Call To Action
Get a free Okta account for Box here: www.okta.com/box
Questions?
Ryan Carlson, Okta [email protected]
Brian Dirking, Box [email protected]