Integrating third party authentication with Servoy: Okta
All right. So before we jump into demos, because we have a few demos to show, excuse me, I wanted to talk a bit about today’s demo. It comes together pretty quickly off of something we worked on last week. We did a proof of concept with a financial tech software vendor who was very interested in doing this integration. And so I thought I’d talk a bit about this proof of concept that we offer to our customers and prospects who would like to evaluate the technology. It’s really a great little lab for us to test ideas, to discover what’s possible, to prove that things will work or prove that they will not work. It’s good to know that upfront. And so I just thought I’d throw that out there: if you’re not new to Servoy, it’s possible to engage with us in a proof of concept to determine certain outcomes. And so, in fact, many of, some of the extensions and the new features are born in these proofs of concept, because it’s really where ideas get tested and we can discover what’s possible and also what people really need. And so this is one of those items that, when it came across, my colleague was working on it. And when I heard about it, I was really excited because I know, year after year, I see this topic coming up. And so this is, I think, a real good one and I’m excited to show it. And so, I think, about the demos: we’re going to show something called single sign-on, something called multi-factor identification, and then also some self-service provisioning that is available.
So let me jump right into things here. I’m going to launch a new client. If you can see my browser, you can see that I’m prompted with a login and my company logo. Now, I didn’t build this as a form in Servoy. What I’ve done is I’ve added a widget that we created that you can just drag and drop on a form. And what it’s doing is it’s connecting to the Okta identity management cloud and it’s going to take care of the authentication for me. So I’m going to put in my credentials.
And what I’ve done is, on the Okta identity management cloud, I have enabled multi-factor authentication. So when I sign in here, it’s going to move me over to that step. This form, it shows Okta, but everything here can be white labeled and style can be controlled. So probably in a production setting you would continue to see your company logo here. But it’s pushing me over to the multi-factor authentication. And you’ve probably seen something like this before when you’ve accessed a banking application or some other application. And typically it’s a text message or sometimes an email or even a phone call. So I’m going to go ahead and send an email to myself. And so that email is sent. And you can see that I get my one-time verification code. I’ve done this 40 or 50 times. So I’ll go to the bottom and get the most recent one. There it is. Copy that, come back to the application and paste it in. And I’ve verified now through a two-step authentication. Just now I’ve accessed a Servoy application; this could be any application. I could click around and use it, et cetera. That’s a topic for a different day. Now I want to log out of the application.
So the next thing I want to show you. Right now, single sign-on, where I’m using credentials from another organization, from an identity management platform, to sign on. I’ve shown you multi-factor authentication, where you can use a two-step process or multi-step process to verify the user. Now a bit about self-service. I need some help signing in. I forgot my password. And I can go ahead and put in my email. And I get a link to reset my password. If I do this, I get... There. And I go out and I... I self-service. I think I clicked an older email. I’m not going to follow through all of that. But that’s how you would reset your passwords. So this is something that I see a lot of our customers working on: to build their own, like, “I forgot my password” workflow and manage all that.
So a lot of these identity management platforms have that built into their single sign-on services. The other thing that I could do in terms of self-service is I could provision myself. So let’s say I don’t have an account already. I can sign up for an account. And I can go ahead and put in a new email. I’ll use a personal email. That already exists. Well, I will delete that user and show you. And this is a good opportunity to show you some of the dashboard capabilities on these identity management platforms. So here I can see the users that are provisioned to my application. And I’m going to go into this user. And I’m trying to create because it’s already created. And I could... I think I have to deactivate it and delete it. Okay, so he’s gone. I can try this again. Okay, so now the verification email was sent. Probably have to sign out here. You can see that Okta... Okta activated account. And it takes me directly into the application. So there I activated my account and it continued with the login process. So even though it’s using a totally different service for that, it’s all integrated together. This is another area that I see a lot of interest in, going back years and years: to be able to offer self-service for recovering passwords, for provisioning yourself to new applications, and a few other items. So that’s pretty much the stuff that I wanted to demo to you.
In terms of under the hood, if I go to our login form. There is. Part in the console message up at the top. You can see that really we just put this component on the form. You can see the elements. It’s the sign-in widget. So this is a component that you would get out of the web package manager like any other component. You drag it on the form. You can see it right here. Sign-in widget. Drag it on the form. And you can see that we specified the login callback. And so when the form loads we sort of sent a configuration into the widget. And.
When we’re authenticating we get this callback. And I’m just calling security.log. And so there I’m using whatever other security mechanisms I have on the application. I can use that to complete the login. So pretty much by dragging this component on your form, setting a bit of configuration, like your, you know, your client ID that you’ve registered with Okta, that sort of thing. A little bit of branding, right, the logo, for the Servoy logo. There’s a bunch of other options there. And then we get this callback. And I’m just calling security.log. And then I’m just going to call back. And again there’s a bunch of other options there. I did enable the self-service registration, which was another option. But that’s really the only code to show because that’s the only code that I wrote, excuse me, that has to do with the single sign-on part.
So why don’t we switch over to a bit about what we just saw. And then we’ll have some time for questions, I think. And these identity management platforms are really sort of an as-a-service model of the part of IT which deals with managing credentials, password rules, security policies. And some of them even provide analytics about security, such as sessions and that sort of thing. So, single sign-on terminology really refers to the fact that you are reusing a single set of credentials to gain access to, you know, a bunch of interrelated applications that need to work together. Why would your organization use a single sign-on technology, like what we just demonstrated? It could be that your customers are asking for it. They want to already just manage, you know, one set of credentials and they don’t want to have to create new credentials for every application, including your application. Other organizations do this because they really want to outsource this and rely on industry best practices and the best players in that industry.
So, in most cases, an identity management platform company can provide a more secure, robust sign-on experience and management of credentials and security policies than organizations can do by themselves. So, just like you would outsource any other infrastructure, like servers on the cloud or something like that, people are outsourcing the flow of identity management and sign-on to these providers. But really, I think for your end users, it provides a coherent user experience across an ecosystem of, you know, different applications.
Obviously the multi-factor authentication. The reason that this is becoming more and more the standard, and you’ve probably seen this in applications that you use yourself, is that most security breaches do come from compromised credentials. So, a password was obtained and then someone gains access. So, in the world and still gain access to your account because they have your password. So, a multi-factor authentication is a step to intermediate that process and say, okay, you have the credentials, but are you really you? So you use something else, like do you have your phone with you, do you have access also to an email account, or even biometrics and that sort of thing. So, I think that a strategy should be adaptive. The one that I showed you is forcing me to enter the verification code every time I log in. That’s pretty strict. Usually what you see is something like every month you have to do it, or if you’ve logged in from a new device, then you have to do it. The example I showed with Okta is nice because all I have to do is go into that dashboard, you know, in the administration area where you saw me delete the user. I can go in there and I can say, okay, under what scenarios do I want to force the multi-factor authentication, and which mechanism do I choose, do I want to do text message or email, etc. Most of the time it’s text message, but that’s a bit hard to demo. So I switched it to email.
Another thing that we showed was being able to do some self-service. This is really important to allow your users to manage their own credentials and manage this stuff themselves, to cut down on support, and it provides a more robust model. So in terms of provisioning someone to, you know, creating a new identity or taking an existing identity and provisioning them to a new application. This is something that we see a lot of interest in for years and years, and I think it’s becoming easier and easier if you outsource this to one of these platforms.
So finally, what is type of, what is an Okta... I meant to say, what is Okta? It’s really one of the, it’s, there, I mean, there are many others, but it’s one of the best-in-class identity management platforms that has all these tools that we’re showing you. In addition to what I showed you, there’s a lot of other things that get rolled into this service. Of course, you have full administrative control. You can do some analytics. You can see, you know, where your users are logging in from and that sort of thing. So any other type of analytics you would expect. You can also white label everything. So its end user may not even know that they’re using Okta, or they may know it and that’s their choice, because they want to use one set of credentials for a bunch of different applications. So something that I didn’t show that comes with this particular service is a whole slew of REST APIs. So anything that I could do in the administrative controls I can also do via API. Something that I wanted to show was to go and fetch the user profile and display some things in the form after the login, because there’s a bunch of REST APIs where you can kind of double up on the single sign-on stuff with just a bunch of other security management on that you can do as a service.
Another cool feature is that your application can also exist in a marketplace of public-facing applications. So if someone wants to see what they can access using their credentials on an identity management platform, they can, you can browse public-facing applications. Similarly, your users can also connect your application to other applications that are in the same sort of ecosystem space. And I think that’s important for user experience. I’ll leave this list of useful links up here. We do have a project home for this. And we’re going to release this through the web package manager. There’s also the link to the Okta home page as well. So if you have any interest in using this technology, please send an email to me or post a comment on the forum thread about this tech series. And this webinar is recorded so you can watch it again if you missed anything. Steve, do we have any questions?
A couple. Lewis gives more of a statement. I think he may already have some experience with this. It says, regarding how often the app prompts for MFA: on the sign-on tab for the Okta app, you can add a rule that defines how often the user is prompted, i.e. per day, month, six month, etc. And I think you talked about that, that the MFA frequency is configurable in the administrative tools of Okta.
Yeah, exactly. And even some of the scenarios are configurable. So if it’s from a new device, you might request a certain kind of MFA option. If you haven’t logged in in a while, you can request a different one. So the flow of that is configurable completely.
I actually have a few questions of my own. The password requirements. Are you able to configure things like how many characters in a password, how many special characters, what special characters you want to exclude, things like that? Is that something that’s configurable?
Yeah, yeah, it’s totally configurable. So you may have noticed when I was doing the self-service part.
And I was creating the user, it sort of is checking the password as I’m typing it in for strength. You know, and that’s all configurable, and what’s nice is you don’t have to write that code yourself and, moreover, you get to use industry best practices. So, you know, if you want that strong password requirement, you know, it’s already created for you. I know in my experience several times I’ve had to build just exactly this, all of this about recovering passwords, entering new information, you know, creating new logins. It’s really a relief to see that there’s something that’s available and it handles all of that kind of heavy lifting.
A couple of other questions. Is there a cost associated with with on.
Yeah, there is. I’m not exactly sure of their pricing model. So you want to check that out on their website.
What do you have a mix of software as a service and on premises for both situations, right, right, yeah. And a lot of our customer base does have a mix of just that. Yeah, because you don’t have to host any component of this yourself. It’s not like you put in some libraries onto your web server or something to make it work. It’s really completely as a service, so you drag that widget on the form and it takes care of the rest, regardless of how you deploy.
It’s great. You said that you can configure things like the logos and things. Are all the labels configurable?
Yeah, yeah, so you can do branding, white labeling and also multilingual. So a lot of our customer base is shipping applications to a variety of languages and locales, so you can do that as well.