Okta focuses MDM on users, not devices

Identity-management outfit Okta is prepping a mobile device management solution that puts users first in both its design and licensing


Okta, the identity-management startup created by former Salesforce engineering folks, has sought to make a name for itself by offering a one-stop ID management solution for enterprises turning to cloud-based apps. The company's newest move, though, is into a field that should have no room for a newcomer: mobile device management.

Okta Mobility Management works as an outgrowth of Okta's existing identity platform. With that system, a single user sign-on can be used to access multiple cloud-based applications. Knowing what applications are already used within a company makes it easier for Okta to provision the appropriate mobile apps for users' mobile devices.

Okta CEO Todd McKinnon discussed in a phone call his company's person-centric, rather than device-centric, approach. "When [an enterprise] hires a new employee, and they bring their own phone to work, they want to take the information that's already in the HR system and use that to drive which native apps get provisioned on the mobile device."

To its advantage, Okta's existing users have already allowed the software to build a working picture of the company's business processes -- which apps are used where. This information can then be leveraged automatically, along with custom-built deployment rules, when provisioning mobile devices.


Okta Mobility Management's licensing and deployment employ a per-user, not per-device model.

Provisioning isn't only about which features of the phone or what apps can be used, but can include automatic configuration for access to corporate email or other internal resources -- and the automatic de-provisioning of the device when the user leaves the company. Business-specific apps are placed and managed in a container, courtesy of existing OS-level hooks. This is done in lieu of, say, forcing the user to work with custom-built apps, an approach McKinnon describes as "completely broken."

"There's a lot of money going into [enterprise mobility management]," McKinnon said, "and a lot of our [identity management] customers didn't even have a solution, so we think it's still pretty early in this market. We also noticed the ones that had a solution, they hadn't deployed it fully or they weren't that wedded to it, because it's built on an old paradigm where the company would own the device." Many other MDM solutions, he noted, charge per device, whereas Okta charges a flat per-user cost.

Okta's solution is reminiscent of an approach suggested by a 2013 Forrester analysis that condemned many of the conventional MDM approaches as "heavy-handed." In their stead, the report predicted, policy-based approaches over apps and data would gain precedence because they are seamless to the user. Much of this development, McKinnon noted, has only become possible because of recent platform-level additions to iOS and Android.

A common barrier for newcomers in a given field is convincing entrenched customers of existing solutions to switch. McKinnon doesn't see Okta making a dent by displacing in-place deployments: "I think we'll have a lot of success in greenfield [deployments]," he said, "where companies want a cloud solution, per-user, and haven't made a choice yet. I think we'll compete with the legacy vendors in some instances, and in some cases they might win and in some cases we'll win -- and in some cases we'll integrate with them."

To that end, Okta isn't competing directly with the likes of Ping Identity, which allows enterprises to use smartphones as an enterprise-wide single-factor authentication device. Nor is the company battling with enterprise app stores for mobile users: "We don't have every bell and whistle of an enterprise app store, but you can imagine we'll enhance it over time."

Copyright © 2014 IDG Communications, Inc.