N/A

Secure your Okta directory and reduce support costs.

Self-service Okta enrollment, recovery and re-authentication with Deepfake Defense™ identity verification. Eliminate IT tickets, enhance account security, and improve user experiences.

How to use it

1. Verify users at Okta onboarding (password and MFA enrollment).

North Korean operatives and other bad actors are posing as remote IT workers to infiltrate companies around the world. Once hired and onboarded, they funnel money back to the North Korean regime, steal company data and secrets, and deploy ransomware. In fact, Gartner predicts that 1 in 4 job candidates will be fake by 2028.

Nametag uncovers North Korean IT workers and other bad actors before they can set passwords and enroll in multi-factor authentication with Okta and your other identity directories. Deepfake Defense™ identity verification prevents imposters from continuing, while legitimate users can proceed to provision their accounts without IT support. Only Nametag protects both password and MFA enrollment.

2. Secure self-service account recovery (password and MFA resets).

By default, Okta allows administrators to enable self-service password reset (SSPR) with authentication performed via email or SMS + a security question. This is convenient for users, but creates a major security vulnerability: email and SMS are notoriously easy to intercept or exploit, and security questions can't be trusted since the answers are so readily available online. For MFA resets, Okta does not offer self-service. To reset a user’s multi-factor authentication, an Okta admin must use the admin console to do it manually, creating an enormous burden and cost for IT support teams.

Nametag covers these securtiy and usability gaps in Okta with easy self-service workflows backed by Deepfake Defense™ identity assurance. Employees simply verify their identity with Nametag, then reset and then re-enroll their Okta passwords and MFA, all on their own. Deepfake Defense™ stops AI-powered bad actors, while self-service account recovery options eliminate the need for helpdesk intervention.

What's more, Nametag works across all of your identity directories and enterprise applications. So if you use more than one identity provider, you're covered with Nametag.

3. Secure self-service account unlocks.

Okta account lockouts can be annoying and costly. They affect employees, helpdesks, IT and security teams alike. The lockout challenge is a hard one to solve: if IT makes it too easy to unlock an account, threat actors could exploit this. But if the unlock process is too long and cumbersome, frustrated employees will make their voices heard.

Nametag provides a more flexible, more secure way to enable self-service Okta account unlocks. Employees quickly verify their identity using Nametag’s ultra-secure solution and then unlock their own account. It's fast and intuive for users, using only what they already have in their pocket: their smartphone and their photo ID.

4. More flexible, more secure Okta MFA.

Okta Verify offers many options for multi-factor authentication policies. But all of them can be exploited via MFA bypass, push fatigue, classic phishing and other means. Even phishing-resistant MFA factors can be bypassed at enrollment or recovery. And every Okta MFA factor fails if a person changes devices.

Nametag is available as an external authentication method (EAM) for Okta. Use Nametag as the second MFA factor at high-risk moments like accessing your Okta admin environment, or when you detect suspicious behavior like potential North Korean IT workers. Nametag creates a higher level of assurance and is more flexible than any other MFA factor: even if someone loses or changes their phone, they can still verify themselves through Nametag without having to be pre-enrolled or download an app.

Decline
Accept All Cookies