Oktane 21 – Okta's Identity vision
The identity and access market keeps growing and improving, and the pandemic has pushed that further. At the recent Oktane21, Okta showed its vision of the future of identity and access management.
I will give you a short summary, put it in the context of VMware Workspace ONE, and look at which use cases could be addressed with a combination of both solutions. If we think about Digital Workspace, Remote Workforce and user experience, there are some good examples.
Okta Identity Wallet
The Okta Identity Wallet is one of the most impressive things I have heard about. You can store your driver's license, health data or credit card information in it.
But why is that interesting, given that you can do similar things with the Apple Wallet, for instance?
To answer that, let's take a look at how it will work. First of all, you can divide the Wallet into two sections: My Wallet, with the credit card in it for instance, and My Identity Graph, with information like Health, Family and Fitness.
To make this work for something like the credit card, the credit card company creates credentials for the user, which are tied to the Okta Identity Wallet.
The Okta Identity Wallet is backed up to the Okta Identity Cloud with internal encryption. You can configure recovery devices in case you need to recover your data (see Device compatibility), and Custodians, who have to authorize your recovery in case you have lost all your recovery devices.
You enter your health insurance data or scan your card, and the Okta Identity Wallet automatically starts talking to the insurance company to obtain the right credential information and stores the card after verifying the identity of the person in the Identity Wallet. The health insurance plan is then added.
Family Identity Graph
In the Family graph of your Okta Identity Wallet, you can give family members access to your stored information, such as the credit card, the glucometer or whatever you want. At the same time, you can decide not to give the same person access to the health data, for instance, if you want to. It's a great thing, because everything is in one place and you control the access to the data stored in it.
In the Enterprise version of the Wallet, such capabilities are built into the app. If you upgrade to the Enterprise version, your data will be transferred automatically. You can create a work profile within the Okta Identity Wallet alongside your private profile. That will configure all the work apps, including email and calendar, on the phone. You have multiple devices? Well, you can enrol them and link them to your work profile.
Let us take a deeper look at a workflow that shows how the Wallet can be used and be helpful in a real-life situation.
You have an appointment with your doctor. You can check in to your appointment with the Okta Identity Wallet and share data with the doctor or, better said, give the doctor access to the health data.
Afterwards the doctor can send the “user” a prescription into the Okta Identity Wallet, which the user can then authorize and send to the preferred pharmacy that was configured in the Wallet beforehand. All online and immediately.
The pharmacy can request access to the user's health data and history stored in the Wallet to check, for instance, whether anything in that history is a reason why the pharmacist shouldn't agree with the doctor's prescription. If he / she fears an allergic reaction to the medicine recommended by the doctor, he / she can send that back to the doctor and recommend another one.
The doctor can then react to that, but I think you get the point.
Here Okta will increase the compatibility with device types such as Pelotons, glucometers, etc.
Delegated administrators will be integrated.
Okta Verify with fast path
It will be possible to have multiple accounts on one single device. That will be extended to support enrolment and recovery using your existing devices. That makes absolute sense if you think about losing your device, upgrading to another one or damaging it. Okta will evolve that to support new credential types and protocols, so that it can act as your identity wallet.
Usually your credentials are tied to your Okta organizational account, and that is not managed by you alone. You potentially have multiple administrators, configurations on an organizational basis, etc.
In time there will be your own personal Okta account, which can be used on all your devices and is independent of email, phone number or your organization. That account will be added to the Okta Identity Wallet, and that in turn will be added to Okta Verify, so that in the end it can interact with all Wallet-enabled services. Ultimately, the Okta Identity Wallet can provide a personal Identity Store which can act as an Identity Hub. That will manage your Identity Graph with its corresponding apps, devices, data and relationships, as well as who has or can get access to the data, and when. Others can request access to the data, as in the scenario described above, but only YOU decide who gets access and to what.
Best of both from Okta and VMware – How to combine with Workspace ONE
If we now put that into the context of VMware Workspace ONE, you will recognize that there are some overlapping topics, like devices and applications. So why might customers think about a combination of both solutions?
There is one good example from my perspective. You use Workspace ONE to manage your whole device fleet, including access to applications and Cloud / SaaS services. But what about things like Peloton or glucose devices, which currently cannot be managed with Workspace ONE? Exactly, that is the point where Okta can come into the game and give you the chance to manage these devices as well.
More and more companies are doing more for the health and well-being of their employees. This could be a good example of that. You give your husband or wife access to your health data (glucose) and they can react. You can use the Peloton, for instance, for company health challenges. Every employee who does 15km on the Peloton at a given time gets a benefit for that. With such an approach you can increase the motivation of employees to do something for their health, and you as a company benefit from that as well. All on one device, or synced across all the devices the user uses. And, importantly, the users decide which data they give access to, and to whom.
You as a customer only have to think about which of the two Identity and Access Management solutions should be the leading one, that is, which will be the leading IdP. Of course you can combine both, as I described in my article here.
Another example: you implement an Okta Org2Org SAML solution, which I will describe in another article here. Why should you do that? You can integrate with partner companies and programs. The partner company may offer some special programs for sport or health, or simply give you access to some project-related services.