346
you are viewing a single comment's thread
view the rest of the comments
[-] vin@lemmynsfw.com 5 points 1 year ago* (last edited 1 year ago)

If anyone here is a security expert, can you tell me if the following should have been done by default? Is it not a prevalent design practice?

  1. Binding Okta administrator session tokens based on network location (Complete)

Okta has released session token binding based on network location as a product enhancement to combat the threat of session token theft against Okta administrators. Okta administrators are now forced to re-authenticate if we detect a network change. This feature can be enabled by customers in the early access section of the Okta admin portal.

[-] whoisearth@lemmy.ca 11 points 1 year ago

Not infosec but work with them closely this makes sense. If my laptop gets stolen or compromised it's more likely to occur outside of the office or a VPN session. If I have sessions established with admin I 100% want them to forcefully logout if my network changes. This would prevent a common scenario of bad actors from using a pre existing admin session.

[-] vin@lemmynsfw.com 3 points 1 year ago

Yes, it makes sense. Can not doing it be considered gross negligence?

[-] whoisearth@lemmy.ca 4 points 1 year ago* (last edited 1 year ago)

What negligence? If I read the policy change by Okta they're ensuring that security of killing an admin session if the network changes.

Edit - unless you mean not mandating the feature by default? As a SaaS solution Okta is set to provide the tools for any company to use which they're doing. They provide the ability to enable tighter security but it's not their problem to solve. They could argue successfully that a company can and should enable their own security provisions that may overlap.

To use non-IT terms, Okta is providing a box of knives to a teacher. The expectation is the teacher ensures if the kids can use the knives or not. Okta can take out the sharpest knives if you ask them to but you have to ask.

[-] vin@lemmynsfw.com 2 points 1 year ago
this post was submitted on 05 Nov 2023
346 points (97.0% liked)

Technology

60130 readers
2746 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS