Announcing Device Identity for Okta

Carl Tashian

We're excited to announce that we've created a lightweight Okta® SSO integration for device identity. It offers the strongest possible guarantee that your Okta apps are only available on trusted devices.

Lock down your most sensitive resources with our next-gen device authentication.

How does it work?

Our cross-platform desktop application issues every authorized device a cryptographic ID that’s bound to a device’s silicon. Unlike a security token or a key file, it cannot be brought to another device. This feature strongly constrains any attack surface area involving sensitive resources.

Easily integrates with Okta

Smallstep is an external Identity Provider (IdP) factor for Okta. Our Okta application uses OpenID Connect (OIDC) flows and System for Cross-domain Identity Management (SCIM) sync.

More secure than a YubiKey

A YubiKey identifies a person. It does not identify devices and it does not constrain access to a particular set of devices.

And by allowing portability, YubiKeys open up new attack vectors. The June 2024 Snowflake data theft illustrated the issue: an employee or customer signed into Snowflake on a personal device that had been infected with malware. The malware sent stored Snowflake credentials to an attacker.

Smallstep device identity is bound to the individual laptops and mobile devices within your organization, and it cannot be exported.

Increase security without adding to users’ authentication burden

With Smallstep, the silicon is the key. When accessing resources from an authorized device, users will not see any additional interruptions at login. No YubiKeys to plug in and tap, no codes to type in.

Smallstep Device Trust

  • Adds high-assurance device checks to Okta
  • Device authentication keys cannot be exported
  • Keep personal devices away from your most sensitive resources
  • You decide which SSO-protected apps require Device Identity
  • Device authentication complements user authentication
  • A cost-effective replacement for Okta Adaptive MFA

When you add device trust to your security model, it becomes easier to reason about attack vectors, because any attacker would need access to one of your devices.

Want to learn more? Request a demo

Carl Tashian is an engineer, writer, exec coach, and startup all-rounder. He's currently an Offroad Engineer at Smallstep. He co-founded and built the engineering team at Trove, and he wrote the code that opens your Zipcar. He lives in San Francisco with his wife Siobhan and he loves to play the modular synthesizer 🎛️🎚️