Oktane 2023: Okta Unveils New Identity Innovations To Secure the AI Era

At Oktane 23, Okta’s annual flagship conference, CEO Todd McKinnon and other executives introduced one of the company’s most ambitious identity and access management (IAM) roadmaps to date during the keynote Go Beyond with AI and Identity.

With pressures in the macro environment, new waves of technology like AI, and an ever-changing threat landscape, organizations today are tasked with more challenges and opportunities than ever before. Okta aims to help companies tackle these demands and thrive amidst the complexities of tomorrow.

“We are entering a new technology era driven by AI, which will mean every company uses ten times as many AI-powered apps, tools, and chatbots in just five years,” said McKinnon. “While this promises tremendous potential, it also introduces daunting new identity risks that companies must address head on.”

To propel customers through the AI revolution securely, Okta unveiled a multitude of new products across its Customer Identity Cloud and Workforce Identity Cloud platforms. These capabilities span security, developer productivity, credential management, and more.

Underpinning many of the announcements, Okta introduced Okta AI, a new framework for infusing artificial intelligence throughout its offering. Okta AI analyzes billions of crowdsourced data points — from threat signals to customer behaviors — to power automated identity decisions and workflows.

“Our products are incredibly flexible and configurable. With Okta AI, we are bringing expert knowledge to guide customers, so their identity solutions perfectly match their needs,” said McKinnon.

Okta Bolsters Security for the AI-Driven Threat Landscape

With AI increasing the volume and sophistication of cyber threats, identity is more critical than ever as the gateway to an organization’s technology stack. Okta is investing heavily in using AI to automate identity security.

A new capability called Identity Threat Protection leverages Okta AI to detect compromised credentials and risky access in real-time across an organization's entire network of apps and infrastructure. It evaluates hundreds of risk signals from sources like CrowdStrike and Palo Alto Networks and can trigger inline responses like a Universal Logout to instantly log users out from every critical app and device if a threat is detected.

"Identity threat protection helps customers automate detection and remediation of identity threats across the entire tech stack," explained Sagnik Nandy, President and CDO of Okta's Workforce Identity Cloud. "You no longer need another endpoint detection and response solution to get a single, actionable view of identity risk."

For overworked security teams, Log Investigator also uses conversational Okta AI to let admins query identity data using plain English questions. This simplifies threat investigation and rationalizing anomalies.

On the governance side, Governance Analyzer generates access insights and launches risk-based access reviews automatically. Together, these new tools represent a major step towards realizing Okta’s vision of identity acting as the connective “backbone” underpinning enterprise security.

Okta AI To Boost App Builder Productivity

In addition to augmenting security, Okta is also leveraging AI to make developers more productive. A new capability called Identity Flow Optimizer provides inline recommendations to improve login flows and boost sign-up conversions by eliminating friction.

"Developers never want to spend time on undifferentiated work. You want to leverage proven patterns of success while focusing on what's most valuable to your customers," said McKinnon. "That's where Okta's ecosystem and integration network comes into play."  

Okta is also using AI to radically simplify integration. Actions Navigator lets developers configure pre-built actions from Okta's marketplace using conversational prompts instead of digging through documentation. This could save thousands of developer hours.

"Together, these features showcase the power of Okta AI and our commitment to making identity easy and intuitive for developers," McKinnon commented.

Okta Pushes Towards Passwordless Future

Okta announced major strides towards a passwordless future, including Passkeys support to provide passwordless application login experiences backed by FIDO standards.

"Passwords alone are not secure to protect your users' identities," emphasized Bhawna Singh, CTO of Okta's Customer Identity Cloud. "Passkeys hold the promise of seamless, secure, and convenient access, surpassing the limitations of passwords."

Passkeys use public key cryptography to provide a phishing-resistant authentication method tied to devices and biometrics. Okta is the first identity provider enabling customers to adopt passkeys at scale.

According to McKinnon, "With Okta, you don't need passwords at work anymore." Okta is also well on the way to enabling a passwordless future for all consumers who want to make the change. I'm chomping at the bit for this! 

For consumer apps, Okta also launched Personal Apps to let enterprise users access personal apps via their Okta identity. This delivers a familiar SSO experience without storing passwords.

"With Passkeys in operating systems and Personal Apps, we are accelerating the journey to a passwordless future where security and usability go hand in hand," said Singh.

New Authorization and Credential Capabilities

Beyond authentication, Okta shared its vision for tackling modern authorization — determining what resources users can access. A new product called Okta Fine-Grained Authorization (FGA) provides authorization-as-a-service to define and enforce dynamic access policies across users, groups, and resources.

“Developers shouldn't have to build custom authorization systems over and over,” said Shiv Ramji, President of Customer Identity Cloud. “FGA lets them implement granular authorization to meet their needs and focus on innovation.”

On the credentials side, Okta announced support for verifying mobile driver's licenses (mDLs), an emerging standard for digital IDs on phones. "We believe digital credentials like mDLs are the future of identity," said Singh. Okta will provide online verification for mDLs to reduce reliance on physical IDs.

New Tools To Simplify Administration

In addition to developers, Okta also announced capabilities aimed at IT and security administrators, including:

• Expert Assist: On-demand reviews of identity configurations by Okta security experts
• Privileged Access Management: GA in December 2023
• Hook and Rules Retirement: Simplifies policy Expression Language

"We are very focused on improving and unifying the administrator experience across our products. Feedback shows these investments pay major dividends in productivity," said Singh.

The Path Forward

With cyber threats rapidly escalating and AI poised to disrupt every industry, identity is pivotal to securing our digital future, according to Okta.

"Our vision is to free everyone to safely use technology. Identity is the key enabler of that freedom," emphasized McKinnon.  

Okta's extensive portfolio of new identity products aims to help companies balance enhanced security with improved user experiences, greater productivity, and the ability to innovate with emerging technologies like AI.  

By making identity assistance available everywhere via Okta AI, the company hopes to further its goal of "empowering everyone to safely use any technology" as the AI age dawns.

"AI is driving a big paradigm shift when it comes to security and identity, and identity has to leverage AI to stay ahead of the curve," said Nandy.

"Okta AI makes our existing products much more valuable directly and also makes new products possible that weren't possible before," McKinnon added. 

With Oktane 23, Okta has unveiled one of its most ambitious identity roadmaps yet to help secure the AI revolution. But as McKinnon noted, "We have a lot more innovation in store. This is just a glimpse of what's to come."