Innovate IT Ltd

Okta Licences

Innovate is a certified Okta delivery partner, delivering Okta WIC and CIC (Auth0). We can help you purchase your licences, whilst offering expert advice on what you need to achieve your business goals. Okta connects any person with any application on any device. It's the market leading (GARTNER) identity platform.

Features

• Flexible policies for organization security and control
• Single sign on (SSO)
• Automate tasks with workflows
• Multi factor authentication (MFA)
• 6000+ Pre-integrated applications
• Identity threat protection with AI
• Privileged access management
• Granular access control
• Identity governance

Benefits

• Automated provisioning/deprovisioning of users
• Zero-trust security
• Automated licence provisioning
• Simplified/automated joiner, movers, leavers (JML) processes
• Manage access to legacy (including on-prem) applications
• Role Based Access Control (RBAC)
• AD/AAD/HR as a master directory OR Okta as a master
• Enhanced cybersecurity posture
• Faster integrations and cloud migrations

£1,500 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Hello@Innovate.Cloud. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

257219541387564

Contact

Paul Rawlinson
+44(0)1233 800 102
Hello@Innovate.Cloud

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: For a full, up to date list visit: https://www.okta.com/resources/find-your-apps/; ; Okta can integrate with over 6500 cloud applications, allowing you to use all the security and management features of Okta with those applications.
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: Applications that don't support federated protocols will need to use Secure Web Authentication (SWA) for SSO.; Applications that aren't in the Okta Integration Network (OIN) will require additional professional services support to integrate.; Correct licensing is required to take advantage of the relevant features.
• System requirements:
  • Okta user licences with the correct SKUs
  • Device level browser compatibility

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Innovate has a 1 hour response time for tickets raised under the service contract.; ; SLA's for the different Okta support levels can be found at: https://support.okta.com/help/s/article/Okta-Support-Service-Level-Agreements-by-Customer-Success-Package
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide the following support levels: Enhanced Support Package - 3rd line support, 9am-5pm, 5 days a week (not available on UK bank holidays). This has a flat cost from £39,892 ; ; Flexible Managed Service Package This can range from 9am-5pm weekdays, all the way through to 24h, 7 days including UK Bank Holidays and weekends. There is a varying price scale.; ; Okta's support covering platform issues:; Basic Success Business Hours: 12 hours/day x 5 days/week, excluding US holidays (6:00am - 6:00pm in the timezone of the Customer's HQ site); Premier, Premier Access & Premier Plus Success Business Hours: 24 Hours/Day x 7 Days/Week x 365 Days/Year; Premier Plus Success also includes a Customer Success Manager
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: FULL IMPLEMENTATION SERVICES; We can provide the full implementation services to get the Buyer's tenant up and running. We can carry out the integrations with their application set.; ; ACCEPTANCE INTO SERVICE; We can provide documentation and procedure documents based on your processes.; We can train your service staff (1st & 2nd Tier).; ; SUPPORT; We can support your tenant with a full managed service, or 3rd line support.; ; Okta offers three support tiers to match your organization's needs; Basic, Premier and Premier Plus. Basic Support - The Okta Basic Success Package gives you access to training, the helpdesk forum, FAQs, on-line user guides and tutorials, and briefings of upcoming releases. Premier Support - The Okta Premier Success Package gives you access to live and pre-recorded training, 24x7 support with 1 hour response times, FAQs, on-line user guides, and tutorials so you get the most value from Okta. Premier Plus Support - The Okta Premier Plus Success package offers the most exclusive level of support. In addition to your own support number and priority routing to support engineers. For more info on Okta support options please visit support.okta.com
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The Buyer would need to migrate their users to another identity service prior to the tenant being closed at the end of the contract.; Currently, the only way to bulk extract data from Okta is using the Okta API (freely documented). Optional Services can be purchased in order to provide assistance in the data extraction process.
• End-of-contract process: At the end of the contract the tenant will be closed. It will be the Buyer's responsibility to ensure they have migrated users off of the tenant. We can provide these services at an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Okta web portal is browser based for both types of devices so only differences will be between the device display properties. The Okta mobile application is available at no extra cost.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Okta has many ways to interact, including a web dashboard. The web dashboard is utilised by users to open assigned applications using Okta initiated single sign on (including multi factor). Administrators will use the web interface to do CRUD (Create, Read, Update, Deactivate) of users and groups as well as setup application connections and configure authentication and multifactor policies.
• Accessibility standards: None or don’t know
• Description of accessibility: WCAG 2.0 AA, working towards WCAG 2.1 AA or EN 301 549
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Core Okta API; ; The Core Okta API is the primary way that apps and services interact with Okta. You can use it to implement basic auth functions such as signing in your users and programmatically managing your Okta objects.; ; Sign in your users; ; API endpoints to authenticate your users, challenge for factors, recover passwords, and more. For example:; ; The Authentication API controls user access to Okta.; The OpenID Connect & OAuth 2.0 API controls users access to your applications.; Manage Okta objects; ; REST endpoints to configure objects whenever you need. For example:; ; The Apps API is used to manage Apps and their association with Users and Groups.; The Users API is used for CRUD operations on Users.; The Sessions API (opens new window) creates and manages user's authentication sessions.; The Policy API creates and manages settings such as a user's session lifetime.; The Factors API is used to enroll, manage, and verify factors for multi-factor authentication (MFA).; The Devices API is used to manage Device identity and lifecycle.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customise personal information and password management-- Users manage their personal information and passwords.; Configure optional user account fields --End users can enter a secondary address for password reset.; Security images can be used.; Configure Okta user communication; Select Opt out of Okta User Communication for this Org.; Enable a deprovisioning workflow; Enable Just In Time Provisioning--Enable JIT provisioning at the org level for all SAML apps, all AD instances and DSSO .; Configure the Okta Browser Plugin settings; Enable IFrame embedding.; Configure reauthentication settings ; Customize a sign-out page ; ; Configure a custom application error page ; Configure a default app for the Sign-In Widget ; Allow users to choose whether or not the Okta End-User Dashboard displays their recently used apps in a separate section.; Control access to the Okta End-User Dashboard Configure access and migration for your users to the Okta End-User Dashboard. ; Display Options--URL/logo

Scaling

• Independence of resources: Okta scales using cloud technology. Each tenant is individual to the Buyer. ; ; Being able to scale is only one part of the equation.Okta is built to handle this challenge with a guaranteed 99.9% uptime, and zero planned downtime. Furthermore, Okta has maintained a 100% global uptime in the last 2 years, with no major service disruption, as it scaled 640% in the amount of authentications per month it needed to handle. Okta is never taken offline for updates or maintenance.

Analytics

• Service usage metrics: Yes
• Metrics types: The Buyer can run their own reports in the Okta software.; We can provide a monitoring and alerting service via an API linked to our own application. We can provide regular reposts, or reports on request. These are all at additional cost.; Okta can provide details on licence usage.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Okta Inc

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There is a Data Export API.Normal users cannot export data.; Currently, the only way to bulk extract data from Okta is using the Okta API (freely documented). Optional Services can be purchased in order to provide assistance in the data extraction process.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Via API
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Various formats using the Okta API Directory Services SCIM
  • Active Directory (AD)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.99%; Okta is built for high availability and scale and deliver a 99.99% availability for all of our customers. With Okta there is zero planned downtime.; ; Identity is Always On, and so are we. We built the Okta service for high availability and a guaranteed uptime. https://support.okta.com/help/Documentation/Knowledge_Article/Okta-Support-Service-Level-Agreements-by-Customer-Success-Package
• Approach to resilience: Since we are aiming for billions of users and authentications, in 2014 we rolled out a new platform architecture that will get us to extreme scale. We call this architecture “cells”. A cell is a self-contained instance of the entire Okta service. Any fault in infrastructure is contained within a cell using a High Availability (HA) architecture, and even in case of an entire datacenter going down, another cell in a different geography takes ownership of the affected accounts within an hour.
• Outage reporting: You can see an updated status of Okta’s availability at all times by going to trust.okta.com. All users will also receive email alerts informing them of the problem, estimated outage time and a further email once fully restored.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Passwordless, webauthn/FIDO 2.0, Desktop SSO
• Access restrictions in management interfaces and support channels: The Okta authentication engine determines the types of authentication required as set in policy for the application for which, access is being requested, by the users.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: TOTP, webauthn/FIDO 2.0

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The Certification Body of Schellman & Company, Inc.
• ISO/IEC 27001 accreditation date: 08/07/2016
• What the ISO/IEC 27001 doesn’t cover: Doesn't cover: The scope of the ISO/IEC 27001:2013 certificate is limited to the information security management system (ISMS) supporting Okta’s cloud-based Identity-as-a-Service (IDaaS) platform and aligned with ISO/IEC 27018:2014 in accordance with the Statement of Applicability version 3.2, dated March 28, 2016.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 31/05/2015
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: .
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • HIPAA
  • SOC2
  • FedRamp

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Compliance can be found here: https://trust.okta.com/compliance; 2. ISO/IEC 27001; 3. Other (ISO 27018, SOC 2 Type II, CSA Star, FedRamp, FIPS 140-2)
• Information security policies and processes: Our ISMS includes all of the security policies required to run a secure business. We regularly audit our systems, look for continuous improvement, maintain a risk register, all staff and sub-contractors must be minimum BPSS security cleared and are under contracts that support policies.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Okta’s change control process is audited and attested to in our SOC 2 Type II report. The final build is promoted to QA, which is responsible for all security, unit, and regression testing on the build. Once it passes testing, it is finalized and released to technical operations who perform deployment testing the build. After successful deployment testing, the build is deployed to staging where it will bake in for a week. Once passed, it is put through another deployment test and then installed to production. Further information can be found in Okta's change management standard operating procedures (SOP) document.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Okta conducts continuous internal vulnerability assessment, as well as annual external penetration testing. If a potential vulnerability is identified, it is triaged among the security, engineering, and technical operations teams. Okta's security team employs a risk ranking system for all technical vulnerabilities. The ranking system also accounts for all published risk rankings within the Okta environment. Critical- and high-risk issues are addressed as quickly as possible within the next release cycle or hot patch within the context of business feasibility. Medium-risk issues are addressed within the next four release cycles. Low-risk issues are addressed when possible with feature updates. ; https://www.okta.com/vulnerability-reporting-policy/
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Okta utilizes a number of monitoring tools with centralized logging and SIEM using our own correlation rules for security monitoring, analysis, and alerting
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Okta has formally documented incident response & disaster recovery standard operating procedures (SOPs) that describe discovery, investigation, escalation, containment, notification, and documentation processes. Customers are provided this SOP document upon request and under NDA.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Okta has a climate strategy, and a renewable electricity program - annually we match our global office and remote workforce electricity consumption with renewable electricity by purchasing renewable electricity certificates (RECs).; Okta is implementing a climate strategy. Okta knew that having a robust climate strategy would be essential to our long-term success to identify principles to guide our work moving forward. Okta’s climate strategy has four pillars. Read more here, here, and here.; Reduce our energy consumption: Focus on impact, starting with where we have direct influence. We’re beginning our journey in the place where we can take immediate action—our offices. Our first aim is to reduce our overall energy consumption.; Electrify: we lease our offices and we are working to reduce the amount of natural gas in our real estate portfolio and move to electricity, which can be covered by renewable electricity.; Purchase renewable electricity: For the energy we still consume, we plan to transition from GHG emitting fossil fuels to renewable energy—like solar and wind. We will start this by purchasing renewable energy certificates (RECs) to match every megawatt-hour of electricity that we consume at our offices and our remote workforce. To maximize environmental and social impact, Okta purchased RECs from the California Bright Schools solar program, which supports renewable energy education and the installation of solar energy in schools across the state.; Engage our value chain on climate. The majority of our emissions are from our value chain/vendors. We want to partner with our vendors to reduce their emissions, and we ask new vendors with climate questions using new vendor forms.; Okta works collaboratively with our internal and external partners. We are partnering with a broad set of stakeholders such as Business Council on Climate Change (BC3) and Clean Energy Buyers Association (CEBA).

  Tackling economic inequality

  Okta is committed to diversity, equity, and inclusion. As such, we understand the need to build a diverse workforce to continue to fuel innovation and collective growth. At Okta, we prioritize building a balanced team in order to continue to nurture a culture of inclusion and belonging.

  Equal opportunity

  Through Okta for Good, Okta’s social impact arm, we’ve made a $1M commitment over three years for racial justice and equity and workforce development grants. We also formed a Racial Justice and Equity Employee Advisory Board, consisting of leaders from People of Color @ Okta (POC@Okta); the Diversity, Inclusion, and Belonging; and Okta for Good teams, to determine where we’ll award these new grants. Additionally, there are specific processes built into our hiring practices to ensure diverse hiring practices. For more information about Okta's commitment to diversity, inclusion and belonging, please see: https://www.okta.com/diversity/

  Wellbeing

  Modern Health, Okta’s employee assistance program (EAP) provider, balances on-demand digital tools with virtual coaching (and therapy, if needed). Employees set up the approach that best meets their needs and covers employee family members, all at no cost.

Pricing

• Price: £1,500 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 30 Day trial period in which you have full suite access for 100 users limited to 5 applications.
• Link to free trial: https://www.okta.com/free-trial/FRT/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Hello@Innovate.Cloud. Tell them what format you need. It will help if you say what assistive technology you use.