Nametag is now available as a Multi-Factor Authentication (MFA) method for Okta. Organizations using Okta for identity management and Nametag for account protection can achieve a greater level of assurance by using Nametag as the second MFA factor at high-risk moments, such as when a user accesses your Okta admin environment or when you detect suspicious behavior, such as potential North Korean IT workers.
Following the announcement of our Okta partnership at Oktane 2024 and the unveiling of our next-generation Deepfake Defense identity verification engine, this represents another important step forward in our quest to protect Okta accounts against sophisticated threat actors.
Okta MFA: Standard & Alternative MFA Methods
Okta provides numerous authentication methods to use as the second MFA factor. Okta categorizes them into Possession Factors, Knowledge Factors, and Biometric Factors. It then further classifies these factors by characteristics such as “device-bound”, “phishing-resistant”, “user presence”, “hardware-protected” and “user verifying”.
In addition to standard MFA factors like one-time passcodes and Okta Verify push notifications, Okta allows you to use third parties to fulfill a multi-factor authentication policy. This enables greater support of complex enterprise environments, which often have multiple identity and MFA providers.
Microsoft Entra calls these third parties External Authentication Methods (EAMs); Okta uses a variety of names. For example, Okta classifies Nametag as an “IdP [Identity Provider] Authenticator”. Other Okta EAM categories include Custom Authenticator, FIDO2 (WebAuthn), Smart Card IdP, and Custom OTP.
Okta MFA Can Be Vulnerable and Frustrating
Offering such a wide range of MFA methods means that Okta admins can configure flexible, adaptive MFA requirements. Unfortunately, all of the default MFA methods offered by Okta come with substantial drawbacks in terms of security or friction. In comparison, Nametag creates a higher level of assurance and is far more flexible than any other Okta MFA factor.
- Nametag can’t be lost, unlike physical security keys.
- Nametag can’t be intercepted, unlike one-time passcodes.
- Nametag seamlessly transitions to a user’s new device, unlike authenticator apps.
Compare: Okta MFA Methods
- SMS or Email One-Time Passcode (OTP): Moderate Friction / Low Security.
  - Passcodes can be intercepted. SMS and email were never meant to be security protocols.
- Voice Call: High Friction / Low Security.
  - Phone calls offer no assurance that the other person is really who they claim to be.
- Authenticator App (Okta Verify, Duo, etc.): Moderate Friction / Moderate Security.
  - Vulnerable to push fatigue and AitM attacks, and must be re-enrolled if a user has lost or changed their phone.
- Hardware Token (e.g. YubiKey): High Friction / High Security.
  - Costly to issue and manage at scale, and a bad actor can simply claim to have lost their key.
- Nametag: Moderate Friction / High Security.
  - Nametag is uniquely secure thanks to Deepfake Defense identity verification, without sacrificing user experience.
Protect Okta Accounts with Nametag MFA
Nametag is the perfect MFA factor when you need to be absolutely certain that a user is really who they claim to be. Use Nametag to verify users accessing your Okta administrator environment, or when you detect suspicious behavior (such as suspected North Korean IT workers or other imposters in your extended workforce).
Legitimate users complete verification with Nametag in under 30 seconds their first time, and under 7 seconds each time after. Unlike other MFA factors, Nametag requires no pre-enrollment, and works even if you lose or upgrade your phone thanks to seamless re-binding.
Behind the scenes, our Deepfake Defense identity verification engine combines Cryptographic Attestation™, Adaptive Document Verification™, and Spatial Selfie™ technologies to combat advanced impersonation threats like injection attacks and deepfakes. Powered by Deepfake Defense, Nametag creates a higher level of assurance while remaining more flexible than security keys and other factors.
How to Set Up Nametag as an Okta MFA Factor
Current customers of Nametag and Okta can start using Nametag as an Okta external MFA method today! Simply follow our step-by-step implementation guide. If you’re not already a Nametag customer, or if you’d like to learn more about using Nametag as an MFA factor for Okta, drop us a line!