Innovate IT Ltd

Okta Licences - Identity and Access Management Platform (IDP)

OKTA connects any person with any application on any device. It's the market leader for cloud identity management, providing a secure way to store your credentials. Okta’s architecture means that users just sign-on with one password, one time to access all their applications. Take advantage of this SSO service.

Features

• Independent SKU advice based on your requirements
• Training for 1st & 2nd line
• Support package
• Identity audit report generation
• Workflows to automate tasks
• Manage access to legacy applications
• Single sign-on (SSO)
• Adaptive multi-factor authentication (MFA)
• Professional services support
• Platform healthchecks, reports and support

Benefits

• Enables bring Your Own Device (BYOD) (multiple platform devices)
• Zero-trust security
• Accelerate digital transformation
• Enhanced staff identity security
• Automate Workflows for JML
• Automated licence provisioning
• Simplified joiner, movers, leavers (JML) processes
• Manage access to legacy (including on-prem) applications
• Role Based Access Control (RBAC)
• AD/AAD/HR as a Master Directory

£1,800 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Hello@Innovate.Cloud. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

901653135880390

Contact

Paul Rawlinson
+44(0)1233 800 102
Hello@Innovate.Cloud

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: OKTA is an extension of over 6,500 application integrations. For a full, up to date list visit: https://www.okta.com/resources/find-your-apps/; Office 365, ; G-Suite; Wordpress (CMS); Content management systems (CMS); Salesforce; Amazon Web Service AWS; Adobe; Slack; WebEx; 1Password; ZScaler; Active Directory; Confluence ; JIRA
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: No standard requirements, although you can install the browser plugins to enhance the user SSO experience. Other Okta features have their own specific requirements.
• System requirements:
  • User licences
  • Device level browser compatibility
  • No server-side system requirements

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 3rd line support and will engage Okta on your behalf for application level support (4th line). ; 08:30-17:30 Mon-Fri (ex. UK holidays); ; P1 & P2:; Response time: 1 working hour; Resolution Goal: 1 working day; ; P3:; Response time: 4 working hours; Resolution Goal: 3 working days; ; 4th Line support provided by Okta:; Premier Success, Premier Access Success, and; Premier Plus Success ; Response Time for the Service during 24x7 Support hours; As published here: https://www.okta.com/services/success-and-support/
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Basic Support Package:; 3rd/4th line incident response and resolution,; Monthly health checks,; 1 working hour incident response,; Web or email incident logging,; Escalation and management of incidents with Okta (4th line),; Monthly service reporting,; New feature recommendations.; ; Add-ons:; Automated monitoring and alerting,; Bespoke reporting,; ITSM integration for incident management.; ; Every customer will be given a technical account manager who will assess the technical requirement and assign the relevant resource on and individual basis.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide a complete Okta integration and migration service to get you up and running. We can design, plan and manage the project as well as provide the licences. We provide onsite training, online training and user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Audits can be exported in .CSV format; User identities from the universal directory can be synchronised with other compatible directories.
• End-of-contract process: Included: Service documentation will be handed to the customer. If no longer required by the customer, all data will be securely erased and the SaaS tenant deleted.; Additional charges: Data migration services are chargeable.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None. Full featured mobile service.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The interface is accessed through a web browser.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: We have implemented with yubikeys multi-factor, telephone multi-factor and the interface is customisable to meet specific needs.
• API: Yes
• What users can and can't do using the API: The APIs can be used for integration into monitoring and other third party services, strictly controlled by Okta administrators, with no user access. The APIs are strictly server-side. Okta uses REST APIs.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The customer can customise the available features for their needs. ; The dashboard and branding can be altered to meet organisational standards. ; Users are able to add their own applications and SSO links to the dashboard.

Scaling

• Independence of resources: As a SaaS product, Okta is delivered over a CDN with services multiple zones around the world.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of users.; Number of integrated applications.; Authentication audits.; Service use audits.; System level audit.; Application level audit.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Okta Inc

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We provide a service to export the universal directory, or the user can do it and export it as a .csv file.
• Data export formats:
  • CSV
  • Other
• Other data export formats: LDAP
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON
  • LDAP

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: HTTPS to internet hosted SaaS product dashboard and between agents and SaaS service.; Internet connectivity is under the customers control.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Please se the Okta site for details; https://support.okta.com/help/s/article/Okta-Support-Service-Level-Agreements-by-Customer-Success-Package
• Approach to resilience: Okta a have a 99.9% uptime guarantee, and zero planned downtime. For the latest information on Okta's approach to resilience, please see the Okta website.; https://www.okta.com/a-secure-reliable-service-you-can-trust/
• Outage reporting: Designated support mailbox will receive email alert with estimated outage time and a further email once fully restored.; Users can visit https://trust.okta.com for live information on service.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: API token; OAuth 2.0; SWA
• Access restrictions in management interfaces and support channels: Access to support channels is only granted to administrative users and security check is carried out when a user raises a support ticket. Management interfaces is also locked down to administrative users.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: API token; SWA; OAuth 2.0

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The Certification Body of Schellman & Company, Inc.
• ISO/IEC 27001 accreditation date: JUL-08-2016
• What the ISO/IEC 27001 doesn’t cover: The scope of the ISO/IEC 27001:2013 certificate is limited to the information security management system (ISMS) supporting; Okta’s cloud-based Identity-as-a-Service (IDaaS) platform and aligned with ISO/IEC 27018:2014 in accordance with the; Statement of Applicability version 3.2, dated March 28, 2016.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 01/05/2016
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: Schellman & Company, LLC examined the description of Okta, Inc.’s (“Okta” or the “service organization”) OnDemand; Identity-as-a-Service (“IDaaS”) system for the period May 1, 2015, to May 31, 2016, (the “description”); based on the criteria set forth in paragraph 1.26 of the AICPA Guide Reporting on Controls at a Service; Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®); (“description criteria”) and the suitability of the design and operating effectiveness of controls described therein to; meet the criteria for the security, availability, and confidentiality principles set forth in TSP section 100, Trust; Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA,; Trust Services Principles and Criteria) (“applicable trust services criteria”), throughout the period May 1, 2015, to; May 31, 2016. We have also examined the suitability of design and operating effectiveness of controls to meet the; requirements set forth in the Cloud Security Alliance's Cloud Controls Matrix Version 3.0.1 control specifications.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • HIPAA
  • SOC2
  • FedRAMP
  • FIPS 140-2
  • GDPR
  • PCI-DSS 3.2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Okta’s data protection meets the highest industry standards, complying with FedRAMP and NIST 800-53, HIPAA, and ISO 27001 requirements. Our state-of-the-art encryption technology protects customer data both at rest and in transit to the user’s browser, leaving no weak spots for attackers.
• Information security policies and processes: For information on Okta security policies and processes, please visit https://trust.okta.com/security

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Please see the Okta link for information on SOC 2 Type II Reporting; https://trust.okta.com/compliance
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Okta aggressively hunt for bugs in our software using four concurrent security programs. Our internal tests work in conjunction with third-party security audits, a public bug bounty program, and a highly-responsive customer bug reporting program. We also believe in the customer’s right to conduct a penetration test on Okta, and so we provide them with test environments to do that.; Please see trust.okta.com for further context.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Okta utilizes a number of monitoring tools with centralized logging and SIEM using our own correlation rules for security monitoring, analysis, and alerting
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Okta has formally documented incident response & disaster recovery standard operating procedures (SOPs) that describe discovery, investigation, escalation, containment, notification, and documentation processes. Customers are provided this SOP document upon request and under NDA

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  This services enables secure remote working for customers' employees, which is a large factor in reducing travel-related emissions. Having a zero-trust approach to identity and a strong security foundation enables home and hybrid working.
• Covid-19 recovery:

  Covid-19 recovery

  This product support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services through improving remote working capability for the customer.; ; This service improves workplace conditions that support the COVID-19 recovery effort through aiding remote working.
• Tackling economic inequality:

  Tackling economic inequality

  This service supports the development of scalable and future-proofed new methods to modernise delivery and increase productivity through automated workflows and reducing customer service desk calls.; ; This service supports the development of scalable and future-proofed new methods to modernise delivery and increase productivity, through integrating directories with the identity platform for greater flexibility and faster software migration and integration.; ; This service helps to identify and manage cyber security risks in the delivery of the contract including in the supply chain.
• Equal opportunity:

  Equal opportunity

  This service seeks to influence staff, suppliers, customers and communities through the delivery of the contract to support disabled people through offering accessibility options for workforce users and citizens.
• Wellbeing:

  Wellbeing

  This service supports the health and wellbeing, including physical and mental health, in the contract workforce through reducing IT friction, for example removing the need to remember passwords or to use the helpdesk for password resets. This service empowers the user.

Pricing

• Price: £1,800 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A full featured trial can be obtained by contacting hello@innovate.cloud

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Hello@Innovate.Cloud. Tell them what format you need. It will help if you say what assistive technology you use.