Okta is now a preferred partner of Google for identity, and the two companies will work to accelerate the transition to secure, multi-cloud, mobile-centric architectures by large enterprises.
They will jointly release a reference architecture and help partners such as systems integrators and resellers to assist their enterprise clients move to the cloud.
"Enterprises today want the ability to choose the best combination of tools to move their business forward." said Okta chief executive Todd McKinnon.
"Our alliance with Google will make it easy for customers in the large enterprise segment to securely bring on Google Apps so businesses can spend their time innovating instead of securing complex deployments."
News Corp is already using Okta for secure and managed access to Google.
"News Corp can testify to the power of the Okta + Google alliance," said News Corp global chief information officer Dominic Shine.
"When we migrated from legacy technology to the public cloud, Okta and Google shared the News Corp vision for flexibility, choice and a secure, productive experience. With the help of these two strategic partners, we're operating faster, have increased collaboration, and unleashed huge productivity gains."
In related news, Okta chief product officer Eric Berg told iTWire that the company has developed its API Access Management platform that can be used to securely combine multiple applications into a single experience "in a very identity-centric way."
This platform complements products from other API management vendors, and provides documented and tested integration with those from Apigee and Mashery.
"It's a standards-based integration," he said, so customers "can do the integration themselves" with software from other vendors such as CA and AWS that use OpenID Connect.
Also new is Okta's access management capability, which Berg described as "the industry's most comprehensive approach" to the problem of keeping intruders out of applications.
Being added to its existing product, access management uses a variety of data including device identity, IP address, and time of day to reduce the risk of outsiders gaining access to applications.
For example, if a previously unknown device is used to connect, the apparent user is notified by email. That in itself is not new, but Okta's approach honours security certificates already placed on devices as well as using the company's own mobility management software to deploy certificates. This capability is initially coming to iOS, Android and OS X, with Windows 10 support to follow.
The system can consume IP trust "scores" from a variety of vendors (as chosen by the user organisation) as well as information collected by Okta's own networks.
Okta has invested in two-factor authentication, and its Verify app for iOS, Android and Windows already supports a variety of factors including SMS, push messages, and one time passwords. The company is adding support for multiple accounts, Windows Hello, and the use of email as a second factor, Berg told iTWire.
He went on to describe the changes that resulted in Okta Provisioning being renamed as Okta Lifecycle Management as "a huge step forward in our provisioning product."
These include the addition of workflow features, integration with Okta's mobility management product, and improved compliance reporting (for example, making it easy to see what access people actually have to cloud systems as opposed to what they are supposed to have).
"We've got a very integrated lifecycle approach" across applications and devices, Berg said. Previous approaches have been extremely flexible, but expensive to implement. Okta's approach has been to apply SaaS to the problem, making it easy to configure without requiring custom development.
This effort to reduce cost and increase value makes it available to more organisations, he said, adding: "We're democratising this capability."
Finally, Okta's Application Network that already provides about 5000 pre-engineered integrations for combining the company's identity management systems with other products is being extended with the ability to integrate VPN devices from companies including Juniper, Cisco and Palo Alto.
Among the other integrations are those with vendors such as F5 and Amazon Web Services (including Amazon Workspaces hosted desktops).