Extending Active Directory to Box for Seamless IT Management

2,475 views
2,155 views

Published on

As organizations move mission critical files and data into Box, security and productivity become increasingly important. How can IT enable users to seamlessly access Box with their existing network credentials or ensure that user accounts are automatically provisioned and deprovisioned as employee roles change?

Historically, Active Directory has been core to application security and productivity. However, Active Directory was built for on-premise networks and does not easily integrate with cloud applications like Box. Okta’s Active Directory integration service bridges this gap, takes only moments to set up, and best of all… is FREE!

This webinar will discuss Okta’s free Directory Integration Edition for Box, and how it can deliver the following benefits:

-Single sign-on with federation or delegated authentication
-Automated provisioning & de-provisioning via Security Groups
-True end-to-end provisioning from HRIS systems like Workday
-Password synchronization
-Multifactor authentication

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,475
On SlideShare
0
From Embeds
0
Number of Embeds
18
Actions
Shares
0
Downloads
59
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Extending Active Directory to Box for Seamless IT Management

  1. 1. Box à Active Directory with Okta
  2. 2. Agenda -  Introduction to Okta and Box -  AD Integration with Okta -  New Offer from Box and Okta okta confidential 2
  3. 3. IT is Going Through a Radical Transformation… okta confidential 3 Applications Employees, One Desktop Users On Premises Increasingly In The Cloud Consumerization of IT & Post-PC devices Cross- company collaboration
  4. 4. …That Transformation Causes New Problems okta confidential 4 ApplicationsUsers User store
  5. 5. okta confidential 5
  6. 6. okta confidential 6
  7. 7. okta confidential 7
  8. 8. okta confidential 8
  9. 9. okta confidential 9
  10. 10. Modern Identity & Access Management okta confidential 10 •  First true Cloud IAM service •  Full suite of IAM features (SSO, provisioning, analytics) •  Bridges existing user stores (AD / LDAP) to the cloud Modern Identity Management Veteran Team Strong Customer Success
  11. 11. A  simple  vision.   Share,  manage,  and  access  your  content   from  anywhere.  
  12. 12. The  Market  is  Transforming   IT  Moves  to     the  Cloud   Consumeriza@on     of  IT   Everyone  is  Sharing   and  Collabora@ng  
  13. 13. What  We  Expect  From  our  Apps  Now   100%  cloud-­‐based  for  low  cost  and  easy  maintenance   ✔   ✔   ✔   ✔  Works  on  any  mobile  device   Fully  flexible,  but  compliant  with  your  IT  policies   Secure,  trusted,  scalable,  and  always  available   The  New  Enterprise  Apps  Checklist:  
  14. 14. MANUFACTURING   &  INDUSTRIAL   INTERNET  &     HIGH  TECH   ENTERTAINMENT   &  MEDIA   SERVICES   EDUCATION  &   NON-­‐PROFIT   RETAIL   Customers  Love  Using  Box  
  15. 15. Our  PlaWorm  
  16. 16. A  Vibrant  Ecosystem   300M   Monthly  API  Calls   220+   Applica@ons   8,000+   App  Developers   Box  Partners  
  17. 17. Users   IT   Superior  Solu@on  for  Users  and  IT   ü  Easy  to  use   ü  Accessible  anywhere   ü  Streamlines  sharing   ü  Enterprise  grade  security     ü  Simple  to  deploy  and  maintain   ü  Lower  TCO  
  18. 18. Agenda -  Introduction to Okta and Box -  AD Integration with Okta -  New Offer from Box and Okta okta confidential 19
  19. 19. Active Directory Integration - Overview Remote users authenticate with AD username and password 1 Local users transparently authenticate using Integrated Windows Authentication 2 Access policies driven by AD security groups 3 Remote/Mobile Employees Active Directory Employees Okta Agent(s) Group Sales Firewall okta confidential 20
  20. 20. Active Directory Integration - Benefits Remote/Mobile Employees Active Directory Employees Okta Agents Group Sales • Simple agent install, no network configuration required • Multiple agents supported for HA authentication Easy to Use, Just Works • Scheduled or Manual Import of Users • Automatic De-Activation in Okta of Disabled/Deleted Users • Delegate Authentication for Okta to AD Broad Functionality • Integration into Windows Desktop Login Tight Windows Integration Remote users authenticate with AD username and password 1 Local users transparently authenticate using Integrated Windows Authentication 2 Access policies driven by AD security groups 3 okta confidential 21
  21. 21. Integrating Active Directory Download AD Agent, Install on Windows Machine 1 Configure Agent: Directory Location, Credentials, Sync Interval 3 Configure import rules 4 Internet Firewall Your Network AD Domain Controller Okta Agent (On Windows Server) https://yourcompany.okta.com 2 •  Enter Okta URL and credentials •  HTTPS from company to Okta •  No firewall configuration necessary okta confidential 22
  22. 22. Import Options • Confirm and Activate on Login okta confidential 23
  23. 23. Ongoing AD User Synchronization Internet Firewall Your Network AD Domain Controller Okta Agent (On Windows Server) https://yourcompany.okta.com 3 Users provisioned, de-provisioned; application assignments based on security group membership AD Agent Scans AD for changes and makes HTTPS request to upload to Okta 1 Okta receives update, processes user and group changes 2 okta confidential 24
  24. 24. Delegated Authentication to AD Internet Firewall Your Network AD Domain Controller Okta Agent (On Windows Server) https://yourcompany.okta.com User logs into https://yourcompany.okta.com using Okta username & AD password 1 Okta communicates to AD Agent via persistent connection to validate password 2 Agent responds with success or failure 3 Okta returns Box homepage (success) or failure message 4 Inside/Outside Network okta confidential 25
  25. 25. Desktop SSO Firewall 2 1 AD Domain Controller Get To Box with NO Login Page • User logs on to domain • Can then access Box with no additional login Secure: Uses Integrated Windows Authentication (Kerberos) Easy to deploy: Leverages light weight agent running under IIS Okta IWA Agent okta confidential 26
  26. 26. Integrated Multifactor Authentication •  Security question •  Smart phone Soft Token •  Can integrate with 3rd party MFA products •  Flexible policy •  Self service configuration •  Fully integrated as part of the Okta service •  Phishing •  Guessed passwords •  Key loggers okta confidential 27
  27. 27. Case Study okta confidential 28
  28. 28. Enterasys - Key Challenges -  Security -  BYOD, BYOA, Consumerization -  “Cloud First” IT strategy -  Increasing number of cloud apps, rapid move to the cloud -  No existing SAML infrastructure for single sign-on -  Application Adoption Metrics 29
  29. 29. Okta @ Enterasys 30
  30. 30. Enterasys - Key Benefits Realized -  User Benefits -  My Applications page -  Desktop SSO using Integrated Windows Authentication (IWA) -  One password through AD integration -  Consistent Access from any device (BYOD) -  IT Benefits -  Security -  Ability to monitor application adoption -  User deprovisioning -  AD integration, Groups 31
  31. 31. Agenda -  Introduction to Okta and Box -  AD Integration with Okta -  New Offer from Box and Okta okta confidential 32
  32. 32. New Offering from Okta and Box -  Use Okta to Connect Box to Active Directory -  Secure Access to Box -  Reduce Administration Costs for Box -  Do all of this for FREE okta.com/box okta confidential 33
  33. 33. Many customers use Okta + Box together today okta confidential 34 Enterprise SaaS Technology Life Sciences Online Services Mfg, Legal, Finance
  34. 34. Why this new offering? -  Solves a common requirement for Box users (integrate Box with Active Directory) -  But now lets you do so for Free -  Introduces Okta to more enterprises. All of you will use more cloud apps in the future, and we want to be the partner you turn to. -  It’s very easy to expand Okta to cover the rest of your applications. okta confidential 35
  35. 35. Call To Action Get a free Okta account for Box here: www.okta.com/box Questions? Ryan Carlson, Okta rcarlson@okta.com Brian Dirking, Box bdirking@box.com okta confidential 36
  36. 36. okta confidential 37

×