Okta aims to unify IAM for Windows, macOS devices in hybrid work environments

Okta said Tuesday that it’s set to launch a new offering, Okta Device Access, designed to extend the capabilities of its cloud-based identity and access management (IAM) service to enterprise desktops and other devices in hybrid work environments. The application, according to the company, aims to simplify logins while also offering stronger authentification features and achieving a zero trust security environment.

Okta Device Access, deployed as part of Okta’s Workforce Identity Cloud service, will  launch with two capabilities: desktop multifactor authentication (MFA) for Windows and macOS; and Desktop Password Sync for macOS.

Desktop MFA brings Okta’s MFA policies, which include adaptive, contextual, and customizable MFA, to desktop logins to protect local data, native apps, and non-internet facing services on desktops.

“With this announcement, Okta removes the legacy fence around desktop authentication which includes only allowing password-based or biometric authentication (Windows Hello, macOS touchID),” said Jack Poller, an analyst at ESG Global. “Okta now enables organizations to extend Okta MFA to the desktop, strengthening the authentication process and increasing the security of these devices. This is especially important given how often devices are lost and stolen and the amount of sensitive data stored on these devices.”

Desktop Password Sync for macOS is a feature to provision local macOS user accounts with Okta credentials and enroll them into Okta Verify and FastPass, Okta’s flagship passwordless authenticators. This capability is built on top of Apple’s Single Sign-On (SSO) extension, which allows iOS and macOS devices to sign into third-party apps using their Apple ID credentials without needing to create a separate account for each app (developed  with Jamf, a software company that specializes in Apple devices in enterprise and education environments).

Offering aims to unify access management

Okta Device Access, according to the company, is focused on unifying access management for hybrid workflows. This means the software will bring the same login interface that Okta customers use to access their business apps to the point of device login.

“Unifying access management can help admins integrate authentication policies across all user touchpoints,” the company said in a product announcement. “It can also be used by the employees who can safely sign into their work devices and applications with a unified access experience — which means fewer passwords for potential attackers to utilize.”

Okta Device Access is designed to work across a wide range of devices, securing workforce identities on Windows and macOS devices. The company plans to extend the application to additional systems shortly.

“One benefit of Okta Device Access is the extension of the zero-trust paradigm to the desktop,” ESG’s Poller said. “Zero trust is predicated on phishing-resistant authentication, and any organization moving to a zero-trust cybersecurity strategy needs to have phishing-resistant authentication on desktops.”

Desktop MFA for Windows is planned to be available in an early access program in the third quarter, and generally available in the fourth quarter this year. Desktop Password Sync for macOS will be in early access in the third quarter and generally available in the fourth quarter as well. Desktop MFA for macOS is planned to be in early access in the fourth quarter this year and generally available in the first quarter of 2024. The company did not immediately provide pricing details.