Identity is hard.
(No, Computerworld hasn't been taken over by a freshman Philosophy 101 class.)
It's just that in a virtual world where one person may use dozens (or hundreds or thousands, depending on your line of work and/or love of installing new Angry Birds spinoffs) of discrete apps across their work and personal lives, identity is both crucial and hard to maintain. It's why the options for Facebook, Google, and Twitter logins are so prevalent in apps all across the web. And it's why some analysts forecast that the identity and access management (IAM) market will be worth $10.39 billion by 2018.
Enter startup Okta, which this week hosts its annual Oktane event here in San Francisco to show off the latest expansions to its enterprise identity platform. Of those, two are worth homing in on: Okta Developer Edition, which makes it easier for developers to integrate unified identity solutions into their apps with Okta solving all the usual headaches involved on the backend; and an enterprise mobility management (EMM) offering that takes its core single sign-on (SSO) identity platform and kicks it up a notch to include device management.
Okta Developer Edition is designed to scratch a very particular itch, according to Okta Chief Product Officer Eric Berg. The idea behind Okta is to give employees at enterprises using cloud applications a consistent way to log into their data by way of only one corporate login. Right now, Okta supports 3,000 apps that way, but the company has big ambitions to soon support as many as 10,000.
Meanwhile, identity is a real pain for developers. Almost any app that stores user data has some kind of username and password system. Somebody has to maintain a database of user logins, handle authentication, and, in the era of U.S. Postal Service data leaks, handle encryption to make sure no unscrupulous third party intercepts the transmission. And that's not even taking into account the fact that multi-factor authentication may well be the wave of the future, which presents its own set of challenges.
"The development path around that is kind of Herculean," said Berg.
Okta's core development team has spent the last 5 years and much of its $155 million in venture capital funding to build out a solution that handles all that between an app and the Okta cloud. Why not open those APIs up to developers, Okta asked itself? Why not, indeed.
Better yet for developers, it doesn't actually require the use of the Okta SSO portal on the backend: Okta already supports third-party logins with the aforementioned Holy Social Trinity: Facebook, Google, and Twitter. If you log in with one of those, though, most app developers will still want to convert you to a native login eventually, if only to gather more information about users. Okta Developer Edition can capture the social logins and still make it easier to maintain a user database later.
"That's just a feature of the Okta platform," Berg said.
When developers don't have to worry about identity, goes Okta's sales pitch, they can devote resources to actually improving apps and working on features that go beyond the basic login. For Okta's part, it gets a wider reach, with more apps that will work with its SSO portal. A rising platform lifts all ships, or so goes the current Silicon Valley meme.
As for Okta Mobility Management, Okta CEO Todd McKinnon said it's just a natural extension of what the company's been working on this last half-decade. Back when Okta started, both Apple iOS and Google Android were still very much nascent in terms of enterprise features. This opened up the door for a lot of vendors -- like VMware's AirWatch or MobileIron -- to step in and fill the gap with some rather draconian management policies, often requiring a device to undergo a total memory wipe and a corporate identity installation before that new iPad you got for Christmas could be used on the network. And heaven help you if you had personal data on that iPad when you quit your job, because that sucker's getting wiped again. Not very much fun for the user, but great for IT's iron grip.
Nowadays, McKinnon said, Google and Apple have caught up to the BYOD world, and their latest operating systems "obviate" most of those kinds of solutions. Without the installation of any additional software, corporate administrators can require that iOS or Android devices have a passcode and a remote wipe policy before getting on the network. It's just a little kinder and gentler.
This has an unintended consequence, McKinnon said. The companies who do have EMM solutions installed hate them: Users get annoyed at IT's level of control, while IT gets annoyed that they pay more as users bring more devices into the office, thanks to the traditional per-device billing model of most EMM vendors.
And companies that don't have EMM hate that, too: Even though the sky's the limit as far as devices on the network, no easy app provisioning tools and no easy way to do things like reset passwords remotely make IT administrators Homer Simpson crazy.
Which is where Okta comes in. Okta's whole philosophy comes from viewing things like identity at the user level, which means that the number of devices a user brings into work should be irrelevant. All that matters to Okta is deploying the apps the users need, with the controls for provisioning IT wants.
"We have this idea about what the market needs, but we've always been customer-driven," McKinnon said.
Since Okta's core identity platform maintains a directory of users, the apps they should have access to, and their passwords anyway, it's just a natural next step to add the layer that handles provisioning and de-provisioning apps on mobile devices. When a user leaves the company, McKinnon said, their personal data is left intact, but the work stuff is just...gone, deleted from the Okta user roll call.
For $4/user/month, you can enroll theoretically unlimited devices and get off the new-device-new-license treadmill, he said.
The final Oktane '14 announcement involves multi-factor authentication with the expansion of the company's Okta Verify program, enabling customers to easily add a secondary authentication layer to their customer-facing apps. That expansion includes the ability to authenticate with an Okta-powered app just by clicking on a mobile push notification, eliminating the need to enter a numeric passcode.
Okta's latest round of $75 million funding was a Series E, indicating that it's nearing the end of its long march to IPO. If Okta Developer Edition and Okta Mobility Management take off like the company wants them to, they're going to be more deeply entrenched in the enterprise app space than ever.