David Remington

Okta and Box

Heard of Okta? It’s the market-leading, on-demand identity and access management service that enables enterprises to accelerate the secure adoption of their web-based applications, both in the cloud and behind the firewall. This turnkey solution automates user management and SSO with cloud and web applications.

Okta Directory Integration Edition for Box offers a complete, robust, and easy-to-use Microsoft Active Directory (AD) integration with Box that provides a seamless authentication experience for Box users. It also automates provisioning and deprovisioning of Box accounts based on AD users and security groups.

The Okta team has built, deployed, and supported enterprise software solutions at companies including SuccessFactors, PeopleSoft, Microsoft, Sun, and HP. Okta is backed by premier investors including Andreessen Horowitz, FLOODGATE, and Ron Conway.

For many Box customers, Microsoft Active Directory is a core piece of the identity management infrastructure. With AD serving as the enterprise directory, user authentication and application access policies around on-premises applications are often tied to users and security groups in AD.

Similarly, the ideal Box deployment should be able to tightly integrate with AD. Box accounts should be created based on AD user profiles and security groups. And users should be able to leverage their AD credentials when accessing Box.

Without native AD integration, administrators must create Box accounts manually for each user, and every subsequent profile change requires a manual update. When users leave the organisation, their AD account is disabled but their Box account stays active unless an administrator deactivates it in time. These manual processes are inefficient and extremely error-prone, and the hassle extends to users, who must deal with yet another set of credentials stored in Box.

As a result, user productivity suffers, and orphaned or out-of-date Box accounts increase the risk of inappropriate access.

With Okta’s Integration Edition for Box, you and your company will be able to:

● Automate provisioning in Box, based on AD user profiles and security groups.

● Log in to Box with your AD credentials.

● Use Integrated Windows Authentication (IWA) for true SSO from the Windows domain.

● Automate Box account deprovisioning, triggered directly from AD.

Automated User Management

Okta Directory Integration Edition for Box integrates Box with Active Directory and your existing user lifecycle management around AD. Box accounts are automatically provisioned based on AD users and security group membership. As changes are made in Active Directory, Okta ensures that synchronisation between AD and Box occurs automatically at configurable intervals, so access privileges are always up to date.

Because Box users authenticate against AD (through Okta), disabling a user in AD immediately blocks any new login to Box. At the next synchronisation, Okta also suspends the Box account itself, which cuts off access from clients or devices that still hold a session, ensuring proper account deactivation in Box. The synchronisation interval is therefore the window to check when you set it: a disabled AD user should not remain active in Box for longer than that interval.
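The reconciliation that an AD-driven provisioning run performs, shown as an added example (not Okta's or Box's code): users who are enabled in AD and members of an assumed "Box-Users" security group are entitled to an active Box account; users who are disabled, or who have left the group, should be suspended; Box accounts with no AD counterpart are flagged for review rather than suspended automatically, since they may be external collaborators. The AD records and Box accounts below are constructed inline; the group DN and the `userAccountControl` encoding of the disabled flag are the standard AD ones.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# userAccountControl bit that marks an AD account disabled (ADS_UF_ACCOUNTDISABLE).
UF_ACCOUNTDISABLE = 0x0002
# Assumed distinguished name of the AD security group that entitles a user to Box.
BOX_GROUP_DN = "CN=Box-Users,OU=Groups,DC=example,DC=com"


@dataclass
class ADUser:
    sam_account_name: str
    mail: str
    user_account_control: int
    member_of: List[str] = field(default_factory=list)

    @property
    def enabled(self) -> bool:
        return not (self.user_account_control & UF_ACCOUNTDISABLE)


@dataclass
class BoxUser:
    login: str   # Box login is the user's e-mail address
    status: str  # "active" or "inactive" (suspended)


def plan_sync(ad_users: List[ADUser], box_users: List[BoxUser]) -> Dict[str, List[str]]:
    """Compute the actions an AD-driven provisioning run would take.

    create     : entitled in AD, no Box account yet
    reactivate : entitled in AD, Box account currently suspended
    suspend    : Box account active, but the AD user is disabled or left the group
    review     : Box account with no matching AD user (manual or external account)
    """
    entitled = {u.mail.lower() for u in ad_users if u.enabled and BOX_GROUP_DN in u.member_of}
    known = {u.mail.lower() for u in ad_users}
    box = {b.login.lower(): b for b in box_users}

    plan: Dict[str, List[str]] = {"create": [], "reactivate": [], "suspend": [], "review": []}
    for mail in sorted(entitled):
        if mail not in box:
            plan["create"].append(mail)
        elif box[mail].status != "active":
            plan["reactivate"].append(mail)
    for login, acct in sorted(box.items()):
        if login in entitled:
            continue  # already correct (or handled above)
        if login not in known:
            plan["review"].append(login)
        elif acct.status == "active":
            plan["suspend"].append(login)
    return plan


def example_plan() -> Dict[str, List[str]]:
    """Run plan_sync over a constructed AD snapshot and Box user list."""
    # 0x200 = NORMAL_ACCOUNT; 0x202 = NORMAL_ACCOUNT | ACCOUNTDISABLE
    ad = [
        ADUser("alice", "alice@example.com", 0x200, [BOX_GROUP_DN]),   # entitled, in sync
        ADUser("bob",   "bob@example.com",   0x200, [BOX_GROUP_DN]),   # entitled, no Box account
        ADUser("carol", "carol@example.com", 0x202, [BOX_GROUP_DN]),   # disabled in AD (leaver)
        ADUser("dave",  "dave@example.com",  0x200, []),               # removed from group
        ADUser("erin",  "erin@example.com",  0x200, [BOX_GROUP_DN]),   # entitled, Box suspended
    ]
    box = [
        BoxUser("alice@example.com", "active"),
        BoxUser("carol@example.com", "active"),     # orphaned: still active after AD disable
        BoxUser("dave@example.com",  "active"),
        BoxUser("erin@example.com",  "inactive"),
        BoxUser("frank@example.com", "active"),     # no AD object at all
    ]
    return plan_sync(ad, box)


if __name__ == "__main__":
    for action, logins in example_plan().items():
        print(f"{action:10s} {', '.join(logins) or '-'}")
```

In a real run the `ADUser` records come from an LDAP query (`userAccountControl`, `mail`, `memberOf`) and the Box list from the enterprise user export; the point of the example is the decision logic, and in particular that `carol@example.com` is the orphaned account the manual process tends to miss.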

Easy to install & Configure

Okta Directory Integration Edition for Box is a purpose-built solution that seamlessly integrates Box with Active Directory. With the click of a button, you can download the Okta Active Directory agent and install it on any Windows Server that can reach a Domain Controller. The agent initiates outbound connections to Okta, so no inbound network or firewall configuration is required.

Enabling automated user management for Box is equally simple. Through the Box User Management configuration in Okta, administrators can complete integration in minutes to enable account provisioning and deprovisioning between AD and your Box instance.

Delegated Authentication & Desktop SSO

With the AD integration completed, Box customers can contact Box customer support to enable delegated authentication with Okta through Security Assertion Markup Language (SAML). Users can then log in to Box with their AD credentials: Box redirects the login to Okta, the user enters their credentials there, and the Okta Active Directory agent verifies them against the AD server before Okta returns a signed SAML assertion to Box.

No password is stored in Box or Okta—the AD server remains the single source for authentication. There’s no need for users to remember another password or reset their Box password, because their AD password is their Box password.

Box supports SAML for its web interface as well as its desktop synchronisation client and mobile applications. For users who have already authenticated to the Windows domain with their Windows network login, Okta’s support for IWA provides a true single sign-on experience to your Box account.

Secure Integration

Security is a key component of the Okta Active Directory agent. Communication between the agent and Okta Directory Integration Edition for Box is protected with SSL/TLS encryption.

Man-in-the-middle attacks are mitigated by the agent validating the service's server-side SSL certificate. The agent authenticates to the service first with organisation-specific credentials, then exchanges cryptographic keys that are used for all subsequent communication. Any agent's access can be revoked at any time from the service by deactivating its security token, which is the control to use if the host running the agent is ever compromised or decommissioned.

For further information on how Okta’s integration edition for Box can help you and your business, please drop me a message.
