As organizations move mission critical files and data into Box, security and productivity become increasingly important. How can IT enable users to seamlessly access Box with their existing network credentials or ensure that user accounts are automatically provisioned and deprovisioned as employee roles change?
Historically, Active Directory has been core to application security and productivity. However, Active Directory was built for on-premise networks and does not easily integrate with cloud applications like Box. Okta’s Active Directory integration service bridges this gap, takes only moments to set up, and best of all… is FREE!
This webinar will discuss Okta’s free Directory Integration Edition for Box, and how it can deliver the following benefits:
-Single sign-on with federation or delegated authentication
-Automated provisioning & de-provisioning via Security Groups
-True end-to-end provisioning from HRIS systems like Workday
-Password synchronization
-Multifactor authentication
2. Agenda
- Introduction to Okta and Box
- AD Integration with Okta
- New Offer from Box and Okta
okta confidential 2
3. IT is Going Through a Radical Transformation…
okta confidential 3
Applications
Employees,
One Desktop
Users
On Premises Increasingly In The Cloud
Consumerization of IT
& Post-PC devices
Cross-
company
collaboration
10. Modern Identity & Access Management
okta confidential 10
• First true Cloud IAM service
• Full suite of IAM features (SSO, provisioning, analytics)
• Bridges existing user stores (AD / LDAP) to the cloud
Modern Identity
Management
Veteran
Team
Strong Customer
Success
11.
12. A
simple
vision.
Share,
manage,
and
access
your
content
from
anywhere.
13. The
Market
is
Transforming
IT
Moves
to
the
Cloud
Consumeriza@on
of
IT
Everyone
is
Sharing
and
Collabora@ng
14. What
We
Expect
From
our
Apps
Now
100%
cloud-‐based
for
low
cost
and
easy
maintenance
✔
✔
✔
✔
Works
on
any
mobile
device
Fully
flexible,
but
compliant
with
your
IT
policies
Secure,
trusted,
scalable,
and
always
available
The
New
Enterprise
Apps
Checklist:
15. MANUFACTURING
&
INDUSTRIAL
INTERNET
&
HIGH
TECH
ENTERTAINMENT
&
MEDIA
SERVICES
EDUCATION
&
NON-‐PROFIT
RETAIL
Customers
Love
Using
Box
17. A
Vibrant
Ecosystem
300M
Monthly
API
Calls
220+
Applica@ons
8,000+
App
Developers
Box
Partners
18. Users
IT
Superior
Solu@on
for
Users
and
IT
ü Easy
to
use
ü Accessible
anywhere
ü Streamlines
sharing
ü Enterprise
grade
security
ü Simple
to
deploy
and
maintain
ü Lower
TCO
19. Agenda
- Introduction to Okta and Box
- AD Integration with Okta
- New Offer from Box and Okta
okta confidential 19
20. Active Directory Integration - Overview
Remote users authenticate with
AD username and password
1 Local users transparently authenticate
using Integrated Windows Authentication
2
Access policies driven
by AD security groups
3
Remote/Mobile
Employees
Active
Directory
Employees
Okta Agent(s)
Group
Sales
Firewall
okta confidential 20
21. Active Directory Integration - Benefits
Remote/Mobile
Employees
Active
Directory
Employees
Okta
Agents
Group
Sales
• Simple agent install, no network configuration required
• Multiple agents supported for HA authentication
Easy to Use,
Just Works
• Scheduled or Manual Import of Users
• Automatic De-Activation in Okta of Disabled/Deleted Users
• Delegate Authentication for Okta to AD
Broad
Functionality
• Integration into Windows Desktop Login
Tight Windows
Integration
Remote users authenticate with
AD username and password
1 Local users transparently authenticate
using Integrated Windows Authentication
2
Access policies driven
by AD security groups
3
okta confidential 21
22. Integrating Active Directory
Download AD Agent,
Install on Windows Machine
1
Configure Agent:
Directory Location,
Credentials, Sync Interval
3
Configure
import rules
4
Internet Firewall Your Network
AD Domain
Controller
Okta Agent
(On Windows Server)
https://yourcompany.okta.com
2
• Enter Okta URL and credentials
• HTTPS from company to Okta
• No firewall configuration necessary
okta confidential 22
24. Ongoing AD User Synchronization
Internet Firewall Your Network
AD Domain
Controller
Okta Agent
(On Windows Server)
https://yourcompany.okta.com
3
Users provisioned, de-provisioned; application
assignments based on security group membership
AD Agent Scans AD for changes and makes
HTTPS request to upload to Okta
1
Okta receives update, processes
user and group changes
2
okta confidential 24
25. Delegated Authentication to AD
Internet Firewall Your Network
AD Domain
Controller
Okta Agent
(On Windows Server)
https://yourcompany.okta.com
User logs into https://yourcompany.okta.com
using Okta username & AD password
1 Okta communicates to AD Agent via persistent
connection to validate password
2
Agent responds with
success or failure
3 Okta returns Box homepage
(success) or failure message
4
Inside/Outside Network
okta confidential 25
26. Desktop SSO
Firewall
2
1
AD Domain
Controller
Get To Box with NO Login Page
• User logs on to domain
• Can then access Box with no additional login
Secure: Uses Integrated Windows
Authentication (Kerberos)
Easy to deploy: Leverages light
weight agent running under IIS
Okta IWA
Agent
okta confidential 26
27. Integrated Multifactor Authentication
• Security question
• Smart phone Soft Token
• Can integrate with 3rd party MFA products
• Flexible policy
• Self service configuration
• Fully integrated as part of the Okta service
• Phishing
• Guessed passwords
• Key loggers
okta confidential 27
29. Enterasys - Key Challenges
- Security
- BYOD, BYOA, Consumerization
- “Cloud First” IT strategy
- Increasing number of cloud apps, rapid move to
the cloud
- No existing SAML infrastructure for single sign-on
- Application Adoption Metrics
29
31. Enterasys - Key Benefits Realized
- User Benefits
- My Applications page
- Desktop SSO using Integrated Windows Authentication (IWA)
- One password through AD integration
- Consistent Access from any device (BYOD)
- IT Benefits
- Security
- Ability to monitor application adoption
- User deprovisioning
- AD integration, Groups
31
32. Agenda
- Introduction to Okta and Box
- AD Integration with Okta
- New Offer from Box and Okta
okta confidential 32
33. New Offering from Okta and Box
- Use Okta to Connect Box to Active Directory
- Secure Access to Box
- Reduce Administration Costs for Box
- Do all of this for FREE
okta.com/box
okta confidential 33
34. Many customers use Okta + Box together today
okta confidential 34
Enterprise
SaaS
Technology
Life
Sciences
Online
Services
Mfg, Legal,
Finance
35. Why this new offering?
- Solves a common requirement for Box users
(integrate Box with Active Directory)
- But now lets you do so for Free
- Introduces Okta to more enterprises. All of you will
use more cloud apps in the future, and we want to
be the partner you turn to.
- It’s very easy to expand Okta to cover the rest of
your applications.
okta confidential 35
36. Call To Action
Get a free Okta account for Box here:
www.okta.com/box
Questions?
Ryan Carlson, Okta
rcarlson@okta.com
Brian Dirking, Box
bdirking@box.com
okta confidential 36