Jul 5, 2022
4 min read

We Have Okta – So Why Do We Need ZTNA?

Written By

Josh Martin

Forward-thinking organizations are increasingly turning to identity providers (IdPs) like Okta to authenticate and authorize users through multi-factor authentication (MFA) and single sign-on (SSO) capabilities. Recent attacks that compromised weak passwords (such as the infamous SolarWinds breach) have proven that a single verification factor is insufficient protection from a data breach. But while MFA demonstrably helps to ensure secure access, it does not provide actual connectivity to most systems and applications. 

This blog will illustrate how Cyolo’s next generation zero trust network access (ZTNA 2.0) solution can augment any MFA tool to provide both secure access and secure connectivity to legacy and on-prem applications.

The Benefits of MFA

MFA is a secure authentication method for user verification. By using multiple factors like one-time passwords (OTPs), security questions, tokens, biometric data, location, and more, users are validated before they are granted access to applications or systems.

MFA’s advantages go beyond security. MFA is also easy to set up and use, and it complies with regulations across many industries. All in all, MFA is a pretty good solution for secure access, especially compared to using risky single factor authentication, like passwords for example.

MFA Challenges

Despite its many advantages, MFA still has some drawbacks for enterprises.

1. Incomplete Application Coverage

MFA works well for accessing many web and SaaS applications. However, on-prem applications and systems (like file shares) or legacy applications do not support SAML-based MFAs, such as Okta. These include widely used applications, including in-house apps, SAP, Windows apps, Linux apps and other server-based or client-server based apps.

As a result, IT and security teams are required to choose a weak authentication method for these apps, recode the apps, or use a different and likely less effective authentication tool. This could be very pricey and may also create a poor user experience.

2. User Agitation

Having to jump between different authentication methods for different apps creates serious friction for end users. Instead of focusing their time and energy on their actual work, employees are forced to remember which authentication method to use and how. This creates frustration and overhead that could result in many more support tickets and a work slowdown.

3. Traffic Made Visible to Attackers

MFA authenticates users prior to giving them access, but it doesn’t secure the actual connection. To connect users to resources behind firewalls, ports on those firewalls still need to be opened, which exposes traffic to the internet and gives threat actors visibility into critical data and applications. All this could result in a serious data breach.

The Solution: Integrating MFA with Cyolo ZTNA 2.0

MFA is a first significant step toward identity management. But how can organizations overcome the remaining challenges? By easily integrating their IdP with Cyolo’s ZTNA 2.0, businesses can enjoy all of the advantages of MFA together with a frictionless solution for overcoming the challenges.

How the Integration Works

  1. Cyolo seamlessly and simply integrates with Okta (or any other IdP that provides MFA) and your existing application portal. Now all your resources, not just your web and SaaS applications, are visible in the MFA dashboard.

  2. Cyolo sets up verification for all applications Okta does not cover, such as legacy applications. Cyolo also enables single sign-on to these apps without the need to share the application credentials with the user through a secure vault. For added security, this vault and the credentials contained within it remain inside the customer’s security perimeter at all times.

  3. Users continue to log in through their existing and familiar IdP portal (for instance, Okta). Only now, all applications are accessible through a single solution for an improved user experience. Cyolo can optionally enforce supervisor access, a feature that requires supervisor approval before access is granted and also allows for real-time session monitoring and recording.

  4. As an added security later, Cyolo continuously verifies users and their access privileges following the initial authentication. Simply put, Cyolo ensures users are only doing what they’re permitted to do and nothing more. Should unusual or suspicious activity be detected, a user’s session can be ended immediately.

  5. Cyolo cloaks application traffic and verifies end-user devices for their security posture, limiting users’ ability to move laterally across the network.

  6. Cyolo provides audit logs and trails to enable real-time tracking and incident investigation, giving IT and security teams full visibility and control over user access, including risky third party access. 

Getting Started with Cyolo

Cyolo offers the leading identity-based ZTNA solution, built on a unique trustless architecture. Okta partners around the world are working with Cyolo to enhance their clients’ security. To learn more, let’s talk.

Josh Martin


Josh Martin is a security professional who told himself he'd never work in security. With close to 5 years in the tech industry across Support, Product Marketing, Sales Enablement, and Sales Engineering, Josh has a unique perspective into how technical challenges can impact larger business goals and how to craft unique solutions to solve real world problems. Josh joined Cyolo in 2021 and prior worked at Zscaler, Duo Security, and Cisco.

Outside of Cyolo, Josh spends his time outdoors - hiking, camping, kayaking, or whatever new hobby he's trying out for the week. Or, you can find him tirelessly automating things that do NOT need to be automated in his home at the expense of his partner. Josh lives in North Carolina, USA.

Subscribe to Our Newsletter