Okta integration overview

What is Okta workforce authentication?

Okta is used by companies of all sizes as a workforce authentication solution. The cloud-based Identity and Access Management (IAM) platform is designed to securely manage and streamline access for employees, contractors, and partners to enterprise applications, systems, and resources that need to be kept secure.

How Persona identity verification supports Okta workforce authentication

With the rise of social engineering and deepfake attacks, protecting a distributed and remote workforce is increasingly difficult. Persona adds a crucial layer of security by automatically verifying employees’ identities at sensitive moments throughout the employee lifecycle, such as new employee onboarding, account recovery, and the editing of sensitive information.

For businesses already using Okta, Persona is easily integrated, offers an added component of security to access controls, and helps keep employees from being blocked.

How to set up Persona as your Identity Provider in Okta

To learn more about the Okta Account Management Policy, see the Okta documentation here.

  1. Follow the steps here and add Persona as an Identity Provider. If you have multiple Persona templates you want to use, make sure to name the Identity Provider appropriately so you can distinguish between them (we recommend the same name as the Persona Inquiry Template).
  2. Fill in the Persona values (see below) and save.

Fetching Persona values

You’ll need your Persona API Key and your Inquiry Template ID.

  • Your Persona API key can be found at API > API Keys. Ensure you’re copying your Production API key.
  • Your Inquiry Template ID can be found in the ID column in the Inquiry > Templates page of the Persona Dashboard. It starts with itmpl_.

Configuring the policy

Under Security > Authentication Policies, click on your Okta Account Management Policy. Click on Add Rule and configure to your specifications (we recommend restricting this rule to a test group first). Under Identity Verification Service, select the appropriate Persona Identity Provider.

Okta Workforce Authentication Policies Settings

Updating your Password Policy

Edit your Password Policy rules to use the OAMP to determine the authenticators a user is prompted for.

Okta Password policy edit

Testing the policy

One of the easiest ways to test the integration is to go to the End User settings in Okta and attempt to change a security method. This triggers the Account Management policy and will bring the user through the Persona flow.

Okta Change Security Method for a User

Verify your identity with Persona

How the integration between Persona and Okta works

  1. Upon the Authentication Policy rule trigger, the integration will create an inquiry for the employee with:
    1. The API key and template provided in the IDP configuration
    2. The worker Okta ID as the Persona account’s reference-id (which will serve as the account identifier for Persona)
    3. The worker’s first and last name from the Okta Universal Directory, as Inquiry fields
    4. A redirect URL (to get back to Okta)
  2. The worker will be instructed to go through the Persona inquiry: a button in the Okta flow will bring them to a hosted Persona Inquiry page
  3. Once the worker has completed the inquiry, they will be redirected back to an Okta webpage
  4. Okta will make a call to GET the inquiry result. If the status is completed (all verifications have passed), the employee will be allowed to continue. If the status is failed (at least one verification has failed), the user will be prevented from continuing.
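
The decision in step 4, written out as an added example (not Okta's or Persona's code). It goes beyond the two statuses named above: any other status is denied, and the result must carry the same Okta user ID and template that the inquiry was created with. The flat record layout, the `template-id` key and all sample IDs are assumptions constructed for illustration.

```python
# Added illustration; not Okta's or Persona's code. The flat record layout and
# every sample value below are constructed for this example.
from typing import NamedTuple


class Decision(NamedTuple):
    allow: bool
    reason: str


def evaluate_inquiry(result: dict, okta_user_id: str, template_id: str) -> Decision:
    """Decide whether the worker may continue past the policy rule."""
    # Bind the result to the worker who triggered the rule: the integration
    # sets the Okta ID as the Persona reference-id when it creates the inquiry.
    if result.get("reference-id") != okta_user_id:
        return Decision(False, "reference-id does not match the Okta user")
    # Bind the result to the template configured on the Identity Provider.
    if result.get("template-id") != template_id:
        return Decision(False, "inquiry was run on a different template")
    status = result.get("status")
    if status == "completed":  # all verifications have passed
        return Decision(True, "completed")
    if status == "failed":  # at least one verification has failed
        return Decision(False, "failed")
    # Unfinished, missing or unknown statuses are denied: fail closed.
    return Decision(False, f"status {status!r} is not completed")


# Constructed sample results (hypothetical IDs).
USER, TEMPLATE = "00uEXAMPLEUSER1", "itmpl_EXAMPLE"
SAMPLES = {
    "passed": {"status": "completed", "reference-id": USER, "template-id": TEMPLATE},
    "failed": {"status": "failed", "reference-id": USER, "template-id": TEMPLATE},
    "unfinished": {"status": "pending", "reference-id": USER, "template-id": TEMPLATE},
    "other_worker": {"status": "completed", "reference-id": "00uEXAMPLEUSER2",
                     "template-id": TEMPLATE},
    "other_template": {"status": "completed", "reference-id": USER,
                       "template-id": "itmpl_OTHER"},
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(f"{name:15s} -> {evaluate_inquiry(record, USER, TEMPLATE)}")
```

Only the first sample is allowed through; a completed inquiry that belongs to a different worker or template is rejected before its status is even considered.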

Understanding and making changes to your Inquiry template

Your template comes pre-configured via our standard recommendations for the Know Your Worker verification experience, but is customizable in the following ways:

  • Updating inquiry configurations and verification checks to require more or less friction for your employee (for example: requiring that the barcode of any drivers’ licenses be captured and scanned, or only allowing IDs from certain countries). Please refer to the Google spreadsheet given to your team for an in-depth explanation of Persona’s verification checks and other available configurations.
  • Configuring the colors of your template to match your company’s brand
  • Adding any custom text to help your employees through the process

Learn all about your Inquiry Template and how to configure it