Introduction

Since 2019, Trusona’s passwordless MFA integration for Okta’s single sign-on (SSO) has been one of our most frequently deployed implementations. Securing the SSO is a natural starting point for many enterprises on their passwordless journey, given that so many business applications sit behind it. 

And although our customers rave about the usability of this solution, we’re always on the lookout for new ways to further streamline and simplify it. One such example is the onboarding process that users go through to set up their Trusona passwordless access for Okta.

By utilizing the SCIM (System for Cross-Domain Identity Management) open standard, we’re now able to drastically reduce the number of steps — and therefore the amount of time — for each user in their onboarding process. 

SCIM was established in 2011 with the latest iteration, SCIM 2.0, made available in 2015. The core premise of SCIM is that it provides a standard interface for connecting distributed systems to make it easier to manage identities in cloud-based applications. Essentially, it’s a means of syncing user identities from one system to another. 

Challenge

Trusona’s integration for Okta uses the SAML protocol to form a trust relationship with Okta. This allows Okta customers to gate access to applications using the Trusona mobile app. However, once the integration is configured, the admin must invite the end users to self-onboard and register first with Okta, and then with Trusona.  

This involves the end user performing the following steps: 

  • Completing the Okta account setup by creating a password 
  • Downloading and installing the Trusona mobile app from the appropriate app store  
  • Registering their corporate email in the Trusona app 
  • Validating access to the above corporate email account  
  • Logging in to Okta using their username and password 
  • Scanning the Trusona Registration chiclet app using the Trusona mobile app to bind their Trusona account to their Okta identity 
  • Logging out of Okta and logging in again with Trusona using passwordless MFA 

Although the above steps are done once by the user and are simple and well guided, we wanted to see if we could get closer to the ideal ‘plug-and-play’ experience.  

Solution

Our new Trusona solution for Okta utilizes a helper app which simplifies the onboarding experience for both admins and users. By leveraging the Okta SCIM interface, Trusona is now able to automatically sync the user identities without any end user intervention. 

Okta not only supports SCIM, but also has a formal program for certifying a SCIM integration. The program guides vendors through the process of building the integration, connecting it to a lab instance, testing it and then publishing it.

When Trusona’s SCIM for Okta is added to your Okta portal, the portal can take certain user attributes and synchronize them with Trusona. Specifically, we support updates to (a) username, (b) given name, (c) family name, (d) middle name, (e) primary email and (f) secondary email properties.
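To make the attribute scope concrete, here is an added example (not Trusona's or Okta's code) of a SCIM receiver reducing an incoming SCIM 2.0 core User resource to only the six properties listed above and discarding everything else. The attribute names come from the SCIM core schema (RFC 7643); the function name, the output keys, the mapping of primary and secondary email onto the `emails` list, and the sample payload are assumptions made for illustration.

```python
# Added example: generic SCIM 2.0 (RFC 7643) handling, not vendor code.
CORE_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

def _clean(value):
    """Return a stripped string, or None for anything that is not a non-empty string."""
    return value.strip() if isinstance(value, str) and value.strip() else None

def minimize_scim_user(resource):
    """Keep only the six synchronized properties; drop every other attribute."""
    if CORE_USER_SCHEMA not in (resource.get("schemas") or []):
        raise ValueError("not a SCIM 2.0 core User resource")
    username = _clean(resource.get("userName"))
    if username is None:
        raise ValueError("userName is required")
    name = resource.get("name") if isinstance(resource.get("name"), dict) else {}
    raw = resource.get("emails") if isinstance(resource.get("emails"), list) else []
    # Ignore malformed entries instead of storing them.
    emails = [e for e in raw
              if isinstance(e, dict) and _clean(e.get("value")) and "@" in e["value"]]
    # At most one entry should carry primary=true; otherwise fall back to the first.
    primary = next((e for e in emails if e.get("primary") is True),
                   emails[0] if emails else None)
    secondary = next((e for e in emails if e is not primary), None)
    return {
        "username": username,
        "given_name": _clean(name.get("givenName")),
        "family_name": _clean(name.get("familyName")),
        "middle_name": _clean(name.get("middleName")),
        "primary_email": primary["value"].strip() if primary else None,
        "secondary_email": secondary["value"].strip() if secondary else None,
    }

# Constructed sample payload: carries attributes that must not be stored.
SAMPLE = {
    "schemas": [CORE_USER_SCHEMA],
    "userName": "jdoe@example.com",
    "name": {"givenName": "Jane", "middleName": "Q", "familyName": "Doe"},
    "emails": [
        {"value": "jane.personal@example.org", "type": "home"},
        {"value": "jdoe@example.com", "type": "work", "primary": True},
        {"value": "not-an-email"},
    ],
    "password": "constructed-secret",
    "phoneNumbers": [{"value": "+1-555-0100"}],
    "groups": [{"display": "Admins"}],
}

if __name__ == "__main__":
    print(minimize_scim_user(SAMPLE))
```

Building the stored record from an explicit allowlist, rather than deleting known-sensitive keys, means attributes added to the identity provider's profile later are not synchronized by accident.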

Once Trusona has that information, it can send an email to the user to set up their mobile app registration in a matter of seconds. 

As a result, the end user performs the following steps to onboard into Trusona: 

  • Receives an email invitation to their corporate email address (the one used in their Okta profile), and verifies control of the account  
  • Clicks on the included link to download the Trusona mobile app and verifies the account 
  • Opens the Trusona mobile app and is ready to authenticate without passwords!  

Customer feedback

Georgian is one of our long-time customers. They use Trusona to protect their Okta instance, which serves both their employees and their portfolio companies with a host of business applications and services. 

“We love Trusona and were trying to find a solution for onboarding users that had even fewer steps,” said Conor Ross, CoLab Product Manager at Georgian. “Previously, the workflow required a user to enroll in two separate systems, and with too many steps along the way. Trusona’s new solution for Okta using SCIM is enabling us to provision users once and have them set up and onboarded in a fraction of the time, with less friction.”

Summary

The new Trusona integration into Okta using SCIM allows our joint customers to craft a more delightful onboarding experience that is even faster and simpler than before. The SCIM integration enables Trusona to synchronize the Okta user identities to automate the onboarding process and remove a handful of manual steps from the user experience. The whole user onboarding process can now be done in less than a minute. 

“I congratulate the Trusona team for building this solution so quickly and efficiently,” said Ross. “They constantly assessed the needs of our users, ensuring that the solution delivered, while keeping customer experience at the forefront of the design. Working with the Trusona team has been exceptional.”

 

For more information: 

Making sense of passkeys and the demise of passwords
A customer interview with Roger Thornton from Ballistic Ventures