Reduce Dependency on Active Directory With Cloud Identity

Welcome to today's KuppingerCole Webinar, which is supported by Okta. It is about reduce dependency on active directory with cloud identity. My name is Christopher Schutze, I'm director for the practice cyber security at KuppingerCole. And I'm here today with two very interesting speakers. We have Axel Bock, head of IT architecture from Paracelsus Kliniken, and we have Thomas Heinz, senior solutions engineer from Okta. Welcome. So let's start with some insights into our next KClive events, which you can attend online and for free on November the ninth, we have our second KClive tools choice about endpoint protection detection and response with John Tolbert. And I will show you how to find the right tool for EDPR and how, and what are the essential things to know about. Also from November the ninth to November the 12th, we will have our cybersecurity leadership summit 2020, where a lot of interesting speakers will talk about their insight, challenges and strategies in cybersecurity. And from November the 17th to the 18th, we have our Cyber Access Summit 2020 our cyber security event in German language. I would be happy to see you there in our virtual events platform. Okay.
Before we start some housekeeping, you all know that we have audio control and you are centrally muted, and we are controlling this feature and there is no need to mute or unmute yourself. We are recording this webinar and it will be made available short term. And we also will provide the slide decks for download.
There is time for Q&A at the end of the way we now are. You can enter your questions at any time using the GoTowebinar control panel. Today, I will start with talking about challenges with just having an active directory and how to build an open architecture with a KuppingerCole identity fabric.
Then
Thomas Heinz, we'll talk a few words about Okta and how it can help to manage cloud applications with reducing dependencies on active directory, and then follow up by Axel Bock who will tell us about how they implemented Okta's identity cloud in the Paracelsus clinic, one of the largest privately owned hospital networks with roundabout 40 facilities at 25 location. This webinar's also an interactive one, which means we, and you are allowed to ask questions at any time. And then we will check whether we answer the questions immediately, or maybe at the end of the webinars in our Q&A block. So let's go, the Trent to more work from home has only accelerated in the past month in general, it is a strategy of many organizations for people to be able to work from everywhere.
Logging into
Your classic active directory account at the beginning of your working day is today honestly, less common than maybe 10 years ago.
We see a clear
Strategy and development in the direction of using cloud services or general software as a service without having a corporate computer. So what does this mean for us for the way we are working right now or in the future? Is it necessary to dial into MBP and on Monday morning, sign into your active directory account and then be able to access on premise applications and cloud applications, maybe still with entering additional credentials for each service without any comfortable single sign on mechanisms. Organizations are currently in a phase where they have a lot to do with onboarding new applications, services, and support many new and existing paradigms to solve the issues of their users
And everything
I'm talking about. Must also be open to support this modern way to work. The next years will be hybrid. Even if there is a cloud first strategy in your organization, organizations have to support existing applications, as well as modern ones. The coping a call identity fabric is our construct to support such a very identity and access management centric and hybrid scenario where we have on the one hand and active directory, classic or modern IGA tools, which integrate into cloud or hybrid scenarios. The idea of the identity fabric is to enable all types of identities to connect potentially all types of services. So consumers, partners, employees, things can access cloud federated and legacy applications by using a set of services or access management, ITA and boar.
A more detailed view on our identity fabric shows the concrete capabilities we have, like identity access governance, identity provisioning, or adaptive authentication. These capabilities are bundled to services. So for instance, an instance and authentication service for all types of authenticate identities cloud, or on-premise to keep it short. Current approaches are very focused on classic and hybrid models, which gives an identity excesses based on roles or any other assigned entitlement. This is where the active directory and the on premises world and the underlying paradigms are good. We call this also deployed home identity, access management, modern clot cloud applications are more open and support access decisions on run time to maybe based on attributes like location device. And so, and here you can build a lot based on multifactor authentication mechanisms to improve your security in the organization.
That was my
Short intro to the topic. And I want to hand over to Thomas who is starting, was introducing himself and asking some questions to ask. So thank you very much.
Yeah. Thank you, Christopher. So yeah, my name is Thomas. I'm a solutions engineer at Okta. So, so far to my person and we were just start a little bit about a small discussion around our small question around between me and an XL. So excellent. Maybe you introduce yourself.
Yes. Hello altogether. And my name is Axel. I am the team lead it architecture at power Paracelsus clinics. I am with the company for about two years because they were bankrupt two years ago and I met the new owners and they said, we want to change something. And I said, okay, I want to, I want to participate. That sounds cool. So I'm their new team lead architecture. That sounds very
Cool. So actually, let me, let me ask a question. So when you joined the company and how did you hear about Bhakta basically? So how did it come that you say, oh, I want to, to use Okta. I want to start with Okta. I want to talk to
Them. The Octa thing fell to me basically because I was in contact with one of your competition before, because I did have the same problem, which was user management in cloud-based applications. And my new C T O came around and said, well, there's this crazy cool thing called Okta. We do need this. We need to roll this out. And I said, Octa, okay, what's this? And I looked at your website and I thought, okay, I know this. Oh yeah, let's do it basically. So that's the way I came in contact with you. Awesome.
Sounds good. And, and, okay, so now you're, you're talking to Okta and you actually are using it that's for sure. Maybe you can describe a little bit, how, how was the starting situation with you? So did you indeed start with active directory? So maybe you can tell us a few birds, pilot looked like so very short because we will have much time later on at anyways.
Yeah. Yeah. The in short a while you wouldn't be introduction, I was drawing a little bit here. So the, the initial situation was after the bankruptcy, the new owners wanted to reach everybody like every single employee of the company. And they were faced with a very unique situation. We had 20 sites, 20 different physical sites, which were all administered using their own locally present active directory. So these active directors didn't know about each other, but what the new owners wanted to have is a cloud cloud-based employee app, basically like, like Yammer or like a Facebook for, for employees. Now you are faced with 20 local active directories and you want all of them to access a central cloud-based application. And the question was, how can we do that? And the answer was well, Octa, that's the very simple starting point where we all first use case basically. Okay.
Sounds good. So then I assume it just continued and you got going with not just only the cloud directory, and I think you're at the moment using multifactor authentication. So it grew really big in a few months, years I would say, or is the true,
We, we realized that managing 20 active directories in our situation there, if you have a different situation in might be different, but in our situation managing 20 active directories for application access just wasn't possible. And to unify, to, to build up a central single active directory for all sites was just not feasible in the timeframe or with the, with the personnel we had. So we very early on decided that would be the place to go for everybody, for access to their applications. So that was a strategic decision, which then grew, and we started adding on applications. And so far it's been going very well.
That's good to hear as always, okay. So what I want to do now, so I want to talk a little bit about Okta so that all the people in the webinar understand a little bit more, what is Okta? And after that, we will continue with the discussion and axle will give you afterwards a little demo and a live view into the system and what they did, what they built. It's very easy. That's talk about Okta, basically. Maybe some of, you know, it already, maybe some of you don't. So what is Okta, it's basically a new approach to identity so on. Why do customers choose even Okta? Because we are born and building the cloud. So it's not just some kind of on premise software, we put into the cloud and now it's a software as a service, and that we're actually running in the cloud.
We were built there. We were very independent and neutral. So we're not just saying, oh, we integrate good with Microsoft. We integrate good with Google. We were very open. We have six and a half thousand applications in our integration, epic already. And also customers trust us because we are reliable, scalable, and basically a secure platform. So that's basically what is Okta. And our mantra is something like we want to enable any organization to use any technology. So, as I said, we are neutral. We use open standards. So like all SAML open API APIs to connect any existing IDPs you may already have. And we want to also be simple. So it should not be some kind of an expert necessary when you want to connect a new application to Okta. It should be very easy. So as far as you can read some documentation, you will connect an application like Dropbox or Salesforce or whatever in just a few minutes. So that's basically how we run our service. Yeah. Also put in that slide. So that's kind of a marketing marketing one. So just to, to, to let you see where we are, maybe a few, some of you never heard about Okta. So basically I'd put the first away and got the magic quadrant and you can see real the leader in both of them. And we are far ahead of everyone else, as you can see on the right hand side. So there's almost no space to improve just to give you a general idea what we
Are, but now
Let's go back a little bit into the technical details and really about talking about our platform. So with the Okta identity cloud, we doesn't really care about which users you want to connect to our cloud system. So it can be employees, contractors, like Paracelsus clinics that we can also connect partners. And you can use Okta also for customer identity use cases and are growing very strong on that. I can, I can tell you, and, and the, on the right hand side, you can see what can be connected to the platform. So in the middle, you can see we not only connect applications, it's possible to connect it in the cloud on prem, by a proxy gateways, for example, but we also can connect to infrastructure to, to connect to servers secure via multifactor protection. The service can be hosted on prem on the cloud. We also have open API.
So you can either send information to Okta, do things in Okta, or we can call custom API APIs to automate or automate your existing technology and Ts, I think a very good slide where you can see on one slide, a lot of the technology we have. So a lot of customers always start on the left-hand side. So universal directory, S Axel said, I want to get a uniform directory in the cloud. I want to connect different sources of identities and store them in the cloud. So that's where our universal directory comes in place. After that people want to securely sign into different applications, so that single sign on, and then we're talking about different technologies going, going ahead, for example, connect to service with advanced server access. Then you want to maybe have that defended a rule. So only when you're on a trusted laptop, or if you are on a security wise, you want to be able to access services.
But if you did some kind of impossible travel or something like that, then no Xs should be possible. And then we'd just go down the road. Lifecycle management means we do some joiner mover leaver processes. So that means a user is created by an HR system. And every application after that is then triggered by Okta. And user's created attributes are mastered and this and so on. And when the user is leaving the company, of course, you're going to deactivate all the stuff, what the user left behind, and you want to be safe. That's basically what lifestyle management is. So I don't want to go into every nook and cranny about on the slide, but you can see where we are, where we're going to. And we do a lot from directories of integrations, insights to workflows and devices. And I think we will see Optiv workforce a little bit later by BioXcel.
It's just the one slide. What I wanted to show you, because it's so easy to integrate Okta with different vendors. And it doesn't matter if you want to integrate with legacy identity or social logins or two different apps or business logic or different security vendors, for example, or you want to trigger custom API APIs, or you want to access custom infrastructure. So we have a connector for basically a lot of S a lot of stuff, and that's called the Okta integration network. You can just scroll through that online and check if your applications already in there. And of course, as I said, we support open standards.
Yeah.
I just also wanted to give you a quick look how it looks. So basically you can see our mobile interfaces. You can see our server or web server web interfaces. Basically our idea is to make it easy for the employee, easy for the user to access services, access applications, and the user should feel like something he's using his iPhone. He doesn't know where the apps are stored. He can organize his apps around and it feels just safe choosing the applications. Yeah, I think that was a very quick overview about the, the Octa services. And, yeah, let's go ahead and we will continue with the discussion from my side to axle and vice versa. So, excellent. I'm coming back to you and how, because you implemented Octa, I think what about the challenges? So that's a tricky question as always. And it's the, maybe I go to a bad question for Octa, who knows, but what challenges did you have when implementing Okta?
The not the challenges are pretty, pretty easy. Actually, the, there are two to me which, which immediately come to mind first in the environment we come from, which is clinical software. I am basically a, a consultant on behalf of Okta teaching people what some will and open ideas. So I am teaching the vendors out there that something apart from active directory does exist and the industry is actually using it. Because if you say open ID or some of so many people just haven't heard about it, and this is a constant pain, that's really annoying. And the, the second challenge is that in our case, you, you have to, you have basically two completely separate or completely separate databases with people. You manage them in your local active directory in our case 18, and you manage them in Okta, and then you manage them in the HR system.
Maybe because if the ID and the HR system aren't integrated and you manage them, maybe in some other semi ticket system or so on. So when you, when you don't have a data governance thing, basically going, when you don't know where your data is, and you, you start thinking about your, your employee data, just when you integrate Okta, this will be a subject. This is an issue. These are the two challenges. So you have to link them up best is our current, our current efforts. So we, so we don't have to, to, to enter data manually into several systems anymore. Yeah. So basically you're saying
You had, you have a lot of different user stores, and now you're trying to combine them together and yeah. That's the tricky part. Yeah. Okay.
Synchronize them because you also have visibility issues, right. You don't want to have payment data in Okta and you, maybe you don't want to have group membership in your HR system. You have different use to the same data. Yeah. That's, that's an issue.
Okay. So when we were just talking about Okta, so I think I asked her to ask me that before, but what is your favorite feature in Okta? So that's, that's a good question. It's like, it's feeling like on a first date. So what's your favorite
Feature? Yeah. The holy factor, basically, it's the mixture of documentation and open API APIs and usability, basically, because everything you do at host to standards, I have never found anything. We're just not standard conformative, which is really, really nice. And you're, you're, there's one thing we are right now at 5 30, 500 pretty. I'm pretty sure there is. It will turn out pretty well, pretty nicely. Well, let's see. But the, the documentation of your API APIs and the, that you can integrate anything basically into any, anything else, which I can demo. If, if, if there is interest is, is awesome because we solved a lot of our problems just by integrating the Okta API with a custom automation pipeline, we wrote in an Azure function, which is really, really nice. And so we, we, for example, it kind of showed a demo right now. I can show what I mean
A step. So it's a perfect thing that you can go right ahead and share your screen. Yeah. Had talking about inland hooks. And so just to give the audience some background. So I talked about the network. So when you add an application, there's basically a wizard behind it, where you will get screenshots, you will get advice. What do you have, do you have to do in the application? So just to give the audience some, some context to you,
You should see my screen now, right? Oh yeah. Oh, I can see my screen. That's very good. So basically this is what the audience sees, right? And now when you, when you want to add a user to your, to your Okta directory, you go to directory at people and you add a person, right. So I have to be quick. So you don't see the names of the other people. So I, I, I just add what, what I'm doing is for example, we had the problem that, that the display name of people is being synchronized to systems. Now, when I, when I create this user, now we, we see that under profile there. If the automation works, that we immediately have a display name set again, if the automation works, I help the gods off automation or with me, or is it this planning here?
Okay. Maybe sometimes it takes. Yeah, but what did work is that print to follow me ID, which I did not set myself. If you can see this, but it's being set automatically. Now, this is something which is derived from the Octa ID because of systems limitations and the integration that this has been done automatically. Because if you don't do it, you have a tickets account all the time. You create a new user and somebody will forget to set this. So you have a ticket. Then you have support requests and people have to have to run after you so that you could fix this. So this was being set automatically without me doing anything. And this is because of all automation we put on top of Okta, basically, this is something we did in an Azure function, which is quite nice. You have the ability to do that. That is really, really great.
The hooks are so you didn't use workflows yet. So you are using the classic Cox.
I even have my, I even have a picture which describes this. If you want to see it in our internal here, this is basically the way it works. So we have, or hang on where we have Okta, which is sending events into Azure functions. And we process the events and react on them in several different ways. So this is possible. This is something we really, really found very useful up in the, in the process of implementing this, because this is, you can't do that easily with active directory. You can, but then you can't, then you can't add cloud applications, which is a big minus because we're using kind of a lot of them. So if you can, if you can see those, for example, in confluence, confluence is running in the cloud and that's a single sign on we're using the office 365 stuff. We're using AWS, which is a single sign on system.
We using a self written application. This is application written by us. We, we could easily use for single sign on which I can demo on the should work. This is my local host. The application is running in debug mode on my personal host. And I do have, I am signed in. Now we have a application which creates a new employee, and I am signed in locally for testing on my system now, which you also can't easily do with active directory, unless you are in the actual site. That's all a lot of benefits. Octa provides to you in with a very simple part, a very simple use case, just to add an application, to add a cloud application and using a standard protocol. And you are so flexible doing, doing this. This is really nice. And this is very, very technical. Yeah. If it's too technical, just post a question, something I can be less technical, but this is something which helped us greatly and there was questioned.
Thank you. So yeah, also to the audience, if you have any questions, of course, I'm just stressed. Put it in the question sections and we will answer them later. Or even if that too many questions, we, we will publish them with Azos later on, on KuppingerCole and yeah. Thank you, axle. So thanks for this. So what else can you, can you show us, so I think you prepared a little bit.
Yeah, sure. I did. I did prepare not a specialty for you, but I can show it here. The workflow extension, which has some, some process automation tool Octa provides for a price tag, of course, where you can automate that stuff. I did by writing Java script in Azure, which is something maybe not all companies can do because you need development now, right? You need somebody who can write Java script. You need somebody who can do cloud. You need a completely different set of, of knowledge to be able to do this. So Okta has a thing called Okta workflows, which can do almost the same. It's not as flexible, but more integrated and brings a couple of, of nice integrations. So what I did, what I did here is you don't want to go. I did realize a couple of use cases, for example, I pre-prepared off-boarding because some of boardings you have to do in multiple steps. It's not all that easy. Even with the lifecycle management, sometimes things are a bit weird. So you have to maybe improvise a little bit. But for example, I did, I did create the username, setting the printer, follow me ID and the discipline name, all the stuff I did in Azure. I redid with Okta workflows here. So if I do the same thing I did in, I did in the, in the productive system, if I do it on the test tenant, it should be the same. So if I, and
So, and maybe this time I'd Bloomberg because you're using October close or not. You're a self written faction who knows.
I must, I insist very much that the not working of the automation is because of Azure, because Azure is a, let's say a non-optimal experience to work with. I must insist on that. No worries. No, no, it's all fine. All right. So we have, if I create this, we should see, oh, okay. This is being all to create, but I have to enter it here. So this is, I can't demo this, but this is also auto creative. So if I save the, the user meld and look him up, we should see a couple of things, right? I have no, where am I? So what I'm trying to do the set up, I set the display name, but this plan name is basically the combination of first and last name. This is something which should be present. Now I set the username. Well, I can't demo this because it just punched it into the forum because it's mandatory for us. And then set the printer, follow me ID. Right? So these three fields should be filled out. Now with this, I entered manually. So let's reload.
You see the display name was correctly, said, it's first name and last name. That's all of it. Like, it's very simple. But if you're single list, for example, we sent this for our emails, right? If your, your email address in outlook in office 365, the display name is the name, which is shown to you. So it should be set. Otherwise it's empty, which is pretty confusing for people. So I set this automatically first and last name automation, right? So the printer follow me. ID is also being sexy. I didn't see this. I didn't fill in this value. And you see it's part of the, if you, if you see this as part of the tidy up there, basically, so it's derived from the value and the automation just did it. So you can just click your, you can just put your stuff together in here and to have an idea about how this looks, you just, you just take an input and you say, give me the user.
Then you create a stream from first and last name, and then you just update the user and you're done. That's basically the whole magic. And it's as simple as it seems. It is incredibly useful because if people marry more often than you think, and they change their names surprisingly often. And so if you have these, these name changes and you have to change the email addresses are the names and Okta, you always have to change two fields, right? You have to change the display name and you have to change the last name. And by having automation, you can use this to one, which is incredibly helpful because otherwise you forget, and you also have these tiny discrepancies, which just annoy everybody. So this is very nice. So this was basically the automation I, I prepared for now because of boarding. I can't demo.
Yeah, of course. So visit. Cause these are some use cases. So exactly when we see, okay, we want to have the printer, follow me ID and then all that stuff. When we go back a little bit. So how did it all start when you said, okay, we wanted to start the implementation. So I think you'll connect it. The active directories first. And it's still the, the users are still derived from, from active directory or how does it look at it?
Hmm. Actually the active directory is that's, that's what I was mentioning before you haven't tasted government's thing on your hands, because in our case, we had, when we go, go back here, the active directory is here, where in a unknown state, we didn't know the data quality in the active directory. So what we did is we did not use the ID information. We went to human resources and said, give us, give us the current state of, of employees and in an Excel sheet. And we just import the actual sheet and the ID data and the Octa data are completely separate. There is no synchronization. I see our personal challenge, which we have, and we are about to solve. But the techs time, because what you have to do is you have to unite, basically all of these active directories to a single one. And then you can sync at least in our case. Again, if your data is in a good shape, which ours isn't, or wasn't probably isn't, then you can't, then you have a, you have a problem. So we did the other way around. We established Octa and second database.
Okay. Interesting. So you have anything else you wanted to show us in the system? I'm just making sure that I don't steal your time.
Anything else? Let me look. I don't think so. Well if I find something I can always pipe it.
Yeah. Basically. So we can just continue with the Q&A. So when you think back, you started with Okta, you had some challenges and all that stuff. So how, what advice would you give? So if someone is also saying, okay, you are in the same boat, you have a lot of active directory. You want to go maybe in the direction of the cloud. So what advice could you give some of the peers,
The I, well, the advice would be data governance do, do what you can to get your data quality up and know about the implications because we need to integrate so many systems. The prime system, we, we try to integrate now is human resources because they have all data. We had, we had this very, very stupid process that the employees, because of just because the process was like this, the employees were being added to our human resource system, asked are they actually started working. And that is so weird, right? Because if you, if you think about it, process the it process starts way before the new employee arrives because he needs a laptop. Maybe he needs a desk, he needs the monitor. He needs a phone number, an email account. He needs all of this stuff. And human resources was in the beginning because the old process was meant like that.
Unable to provide us the data before the new employee would actually arrive. So that was, that was so weird. Of course, we changed that as soon as possible. And now it's, it's working the other way around, but you have process process. You have to change your processes basically. And you have to know which data must come from where and who is responsible for the data. Our primary login name is the, the employee ID number. So human resources is responsible for supplying that number. And you have to tell them that you need that number at a specific timeframe. So this is, this is all stuff which has to be done. Octa. Isn't very simple. It's a, it's a database of users with open API. It's an actually very, very simple idea, which makes it so powerful. But the, the implications to implement the idea, that is something you have to think a little bit about and a little bit of an understatement.
That would be one that would be, that would be one advice I can give. And the second one is, if you want to go cloud, oh yeah, I then, then you, then you will probably face companies who have never heard of anything else in active directory. And you come with open ID and they will say, what's this is that something ID unknown. We don't, we don't know. Nah, no, never heard what, what what's this we don't know. And then you're, you have to explain to them, no people are actually giving this. Yes. Even Microsoft is using it. Yes. Even for Azure. Yes. And every single URL, you can see an open ID token. Yes. It's a thing. Yes. It has a Wikipedia page. Yes. It's a standard. Yes. Again, you, we want to have that as our preferred solution. And this is a, this dialogue, which can be very tiring. You have to know that. Yeah.
So I think that it was acceptable at what Christopher also said in the beginning that we say, okay, now it's it's legacy. And now we're switching to some state of the art technology basically. And of course you have a lot of people out there. Well, all living in some kind of a legacy code legacy technology, and you have to get used to, to all the new stuff what's what's happening there. But I think it's, it's the time now, now, or never that's what's true. Yeah. Thank you. Yeah. So I was talking very short today in my presentation about multifactor authentication, also the advanced multifactor thing or adaptive multifactor authentication. I'm just curious, what, what multifactors do you currently use? And maybe you can tell us some good or bad experience maybe with the employees that they, whatever had problems with this or that. So just to give the, the people here, some advise to better say, Hmm, let's do it that way.
Well, multifactor is activated for our it personnel because they have a lot of access to all, to all assistance and they, they have managed to do it. We try to activate this for other people and yeah, you, you, you really have to train them. You have to prepare them because a, a chef asked them English, chief doctor, I don't know, like, like a doctor higher up in the hierarchy. He, he's not really concerned with, with something like entering a number to log into a system because it concept contains sensitive data. He's he wants to get the job done. Right. And if you, if you add a step in the process of him writing his diagnosis to somebody, then you really have to explain to them that this is something that is really, really necessary because a data breach is not to be taken lightly. And usually they understand actually, that's, that's a positive thing.
But to roll this out in, in the field, you have to, you have to have a concept ready and you have to train the people and you have to define which application is protected in what way from, from where basically, because you don't want to have additional security within your actual physical site, because why should you write your onsite? You should not be, you should not need to, to enter some, some additional verification into our systems, but if you are at home and you want to want to enter something in a sensitive system at home, there, you should have, you should have it. And that's something we are trying to define now, but we didn't have the brainpower available yet to do it because have just so many things on our plate. And this is, this is not something with priority, but the it team was secured very early on because that is, they have access to everything. And, but couldn't that couldn't just be a password. Okay. Okay. I understand. Yeah.
Sure. So you were talking a little bit about the October workflows and I thought maybe it helps when I share maybe one slide real quick about what it means. So, because we saw it in action, what was life, but we don't didn't really see that we had the yeah. How it really works. So I wanted to just share this slide and you can, of course, just ask me some questions around that. So what does does the workflows means X level are talking a lot about automation and running in Azure. And of course, as he told you, you have to build it on your own. So it's not something like click, click and done. So you have to write code for that. And we were also thinking about that and saying, yeah, it can't be the end of the diner. So we have to make it more simple.
And that's why we came up with the Octa Brook flows, what you have seen in the demo. It's very easy to, to just build a workflow and just click on it and are ready, ready to build it. So basically it's about that when something happens, so it can be an event, it can be and trigger. So run every X hours. It can be an outcoming or ingoing API. For example, in my, my thing here, Okta science, a user to Salesforce, then do the following. So you can do, if this is true, then continue. As we seen in, in actual short demo. And then you want to do some actions. So we can either go with our existing catalog, what we have in here. So it really means that we say you want to assign someone in a specific territory in Salesforce. You want to send out a slack message. You want to send out a teams message. You want to send out an email or you want to wait or to create a ticket maybe in JIRA or in whatever ticket system you have. And wait until that is, that is approved. And if that's approved, then go for the, and then do the following. So I think that's something, what you are, what you already built. And I want to just to make it clear for the audience, what it means for yeah. For the customers and people are using actually the October floss just to give.
Yeah. And I, again, I can't over estimate how useful this is to have an automation like this, because it will just basically kill a whole, a whole set of support requests, which are otherwise constantly happening, like name changes, or assignment issues or, or rights issues. Something like this. It's incredibly helpful. Even if it's just the stupid display name, you wouldn't believe it's really helpful.
So excellent. Maybe, maybe one, one more question until we, we will enter maybe the Q&A round. How happy are you with, with Okta? So once you built now, how it works and just maybe to give some, some summary of what happened,
Happiness, technically very, I really like re I really like the, the open standards you adhere to standards, everything you read in RFC, refresh request for comment for the non-technical people like everything standard in the internet is packed into news or so-called RFC. And if you read that you, you follow the well known your hours, you follow all the processes. It's really nice. And you can integrate anything because you can rely on Okta being standards compliant. This is awesome. The, the thing, which is always an issue is the price tag, right? You, you have a great product and you want a good price for it. So it has to be you, you need to think what you actually need. This is that the only thing which I could tell is yeah. Maybe unhappy as a, from product perspective. Okay. It's awesome. I really can recommend Octa from front to back. And I want to have more of it. We thinking about open, open server access right now,
Advanced server access,
Advanced server access, because we have Linux servers, which I want to protect now. Yeah. It's, it's a thing. Right. So Okta has a solution. It's great. You can all buy into one identity management thing. It's cool. I am very happy with,
But that's good to hear and yeah. About the money. Yeah. Good stuff. Costs money. That's for sure. But we'll, we'll figure it out. That's that's also true and, yeah. Thanks. And thanks for bringing up advanced server access because I've, I've seen in the questions. I think we are we're ready for the questions. Or so then I will just, just don't jump into them. I already seen that someone asked about, can you also access like Linux servers and windows servers and yes, you can. So that's advanced server access. And that really means that we have a little agent on the server, whatever it is, it can be a windows or Linux, and all the users are basically stored in Okta. And you can say which server should be accessed by which user. And based on that, they can then go ahead and connect via truck by a tremolo c'mon prom.
They connect by RDP. They can directly connect via our dashboard. What you've seen in the demo from Alex. And just in time, we will deploy a certificate, which is very short. So until you log in, then it's already expired and then you can use the server. And when you log off, the certificate is basically revoked already. And we are just adding a lot of functions also. So you can also build something in workflows now that you, maybe when a users requesting access a server because of a help desk, then you can also directly use a group in Okta and make a time limited group to grant access to a specific service. And after that, the time is over two hours. Then the excess is automatically revoked on all of your service, what have been involved in the, and the ticket, for example.
Okay. So I think this is the time for me to take control back. Thank you very much to Thomas. Thank you very much to Xcel for this really interesting insight into how you solve your problems by using Okta and again, to the audience. If you have any questions, feel free to ask them in, by using the go to webinar control panel, we have some questions. And the first one is I think, best for Thomas it's about you are you have a cloud native application. Okta is hostile in the cloud. So the typical questions regarding to where's the data hosted, is it in the U S how about data, privacy, GDPR, and all this stuff. Can you tell a little bit about that, especially for the European attendees of this webinar?
I understand that. Yeah. Good question. Whoever asked that. So what I always tell my prospects, our customers, you can check out the Octa website. So we have to have very good technical white paper. I think it's 30 pages of something, so they can see where it is hosted. How is this hosted, how it Brooks, but in short, we are running on, on ads. So the Amazon web services, and you can of course choose where you want to run. So do you want to run in front of work? Do you want to run in the U S or in APEC, whatever you want to have, and it also depends what you want to store in Okta. So we can also go very limited with the, the attributes of your users. You don't have to go with all the attributes into the Okta cloud, because with just the, basically a broker for the, for the identities, what you have. So I would highly recommend just check out our security white paper. I will, I think we will just publish it also when we publish all the, and all the slides later on, and I can just link it. And basically they all get a good understanding how it is with security. And the other way is Octa trust. So it's just octa.com/trust or one or the other. And there can check out which has certificates and which, yeah, which security measures we have in place to protect you there. So from
The audience, there is no further question, Axel, some famous last words from your side by using Octa, you already mentioned the big benefits, maybe something more to add from your side.
That's famous. Last words. I don't know if not, that's fine too. I would say this way of authentication this way of integrating applications is the future. And I think Microsoft, because I would do the same as trying to, to enhance their own team space ecosystem. So because they are very big and the word Octa provides is spending the alternative because with Octa, you can very, very easily integrate different applications from all over the world, from everybody who has an, a cloud application, which is good. This is I think, choice. And I like choice. Yeah.
Perfect. And at the end, as you already mentioned, it depends on your use cases, what you need to find the perfect tool. So thank you very much to Thomas to act like him. Thank you to the audience and have a good day. Thank you. Bye bye. Thank you. Thank you.