MFA posture

Okta Identity Security Posture Management (ISPM) helps you take control of your org's MFA posture by analyzing app sign-in policies, reviewing account configurations, and highlighting where enforcement is missing or misaligned.

Security and identity teams often find it challenging to enforce secure authentication practices across the org. It's also difficult to understand the org's MFA posture because of the multiple sign-in methods, varied user types, and app integrations across environments, and how they align with the org's app sign-in policies. These challenges can result in gaps in MFA enforcement, unprotected accounts, and increased risk of compromise.

ISPM prioritizes results based on context, so you can take action where risk is highest:

  • An unprotected privileged user

  • A critical app without coverage

  • A policy misconfiguration that puts the organization at risk

ISPM can help drive MFA adoption, enforcement, and alignment with policy across users, apps, and login methods to help ensure secure authentication for your org. Use the dashboards, issue detections, metrics, and graphs within the Okta ISPM console to get an in-depth understanding of the login provider and authenticators that are in use, and the MFA statuses for all of your user accounts and apps. This allows you to quickly identify insecure login paths and investigate MFA issues at the account and app level. You can also do the following tasks:

  • Track MFA requirements and statuses

  • Proactively manage MFA adoption and enrollment

  • Identify and mitigate risks within your connected data sources

  • Ensure compliance with organizational security policies

Use the Issues page to view MFA-based issue detections and remediation suggestions, including the following:

  • Admins who operate without MFA enforcement

  • Admins who have a Pending Enrollment MFA status

  • Instances of SSO bypass for app integrations

ISPM analyzes your organization's authentication and app sign-on policies to determine a user's mandatory MFA requirements and assigns an MFA status to the user account. It also determines a user's MFA status within an org based on the configured sign-in methods and the MFA enablement and enforcement settings.

Related topics

Monitor MFA posture

Identify potential MFA risks

Supported detections