Addressing Key MFA/PAM Integration Use Cases with Okta & BeyondTrust
Mar 26, 2020
Author:
Kevin Alexandra
Director, Technology Alliances
Corporate data is living in more places and in more diverse environments, and users are increasingly connecting from remote or unknown locations. As organizations are pushed to solve the ongoing challenge of keeping users connected and productive, they accept an element of risk with every new application, hardware, and remote access request. Protecting the enterprise’s high-value assets against attack and exploitation is critical.
To help reduce the risk of cyberattacks, including credential theft, keyloggers, and brute-force attacks, BeyondTrust and Okta have integrated their solutions to allow out-of-the-box connection of multi-factor authentication (MFA) with single sign-on (SSO) and Privileged Access Management (PAM).
Okta Adaptive MFA integrates seamlessly with BeyondTrust via either the SAML or RADIUS protocols.
How Okta MFA integrates with BeyondTrust via Password Safe via SAML and RADIUS
This integration provides a secure, frictionless user experience, while enabling organizations to improve access controls and visibility by:
Providing app-based access for users to BeyondTrust PAM solutions
Verifying the identity of those users accessing privileged accounts
Providing an audit trail of secure access requests
Key MFA/PAM Integration Use Cases
1. Step-up authentication via Okta when accessing privileged accounts
When users establish a privileged session to a server or network device, they can leverage their existing desktop or session management tool, and an authorization push can be sent to their device of choice.
This level of integration ensures that users requesting access to privileged accounts and systems are properly authenticated.
Step-up authentication
2. Federated Access for Privileged Accounts
This integration can facilitate secure access to protected web applications and consoles, including Azure and AWS, without exposing credentials to the user and without ever leaving them in the memory of the computer, where they can be scraped. Additionally, Okta administrators can provision new accounts into the BeyondTrust solution through Okta Desktop when integrated with SSO & Active Directory. This eliminates a step in the process and streamlines account creation.
SSO to BeyondTrust PAM Solutions from Okta Dashboard
Using the Okta dashboard, customers can quickly add and configure SAML integration to BeyondTrust PAM solutions, allowing users simple access to their privileged accounts without being asked to reauthenticate to a different system. The secondary authentication process supports multiple second factors – from SMS, voice and email, to one-time passwords. This secondary authentication process ensures the user accessing the PAM system is authorized and correctly identified.
SSO to BeyondTrust solutions via Okta dashboard
These are just a couple of high-level use cases and benefits of integrating BeyondTrust and Okta solutions. You can learn more about BeyondTrust/Okta integrations here: www.beyondtrust.com/okta.