CarahCast: Podcasts on Technology in the Public Sector

Staying Ahead in the Evolving Landscape of CJIS Compliance

Episode Summary

Podcast description: Join us for a webinar designed to help government agencies navigate CJIS compliance and explore the latest security measures. Gain insights from real-world case studies, including the City of Garland and the City of Northport, showcasing the practical implementation of TecMFA and Tectango for Police. Discover how these solutions streamline operations, improve data security, and contribute to CJIS compliance.

Episode Transcription

Christine Halvorsen 

And welcome to our discussion around CJIS compliance. And we know this is especially important with the upcoming October 1, 2024 deadline quickly approaching. And I'm very honored today to be joined by Haskell, Scott, Sarah Emitt, and again, myself as the public sector CTO for Okta. So I want to set the stage for today's discussion, because during my 20 years of government service, including as the Assistant Director of FBI CJIS, I always found it helpful to hear how government partners overcame challenges to achieve their missions while also ensuring compliance. So today you'll first hear from Haskell of how the City of Garland faced the challenges of implementing the new CJIS requirements. After we hear about Haskell's successful journey, we will talk with Scott about his journey to achieve multi factor authentication in a mission environment that not only had government owned devices, but also personally owned devices. And that's a challenge in itself. And rounding out the discussion, Sarah Amit and I will discuss the best practice we have seen in working with our public sector customers to include vendors who are supporting them on the best practices in implementing the CJIS requirements by 10 by October 1. Our hope in telling our story is that you take away valuable insight that can assist you in your journey to become compliant. So I'm going to start by putting Haskell in the hot seat. So welcome Haskell. Hi. Good morning. And so I'm wondering, can you share some of the key challenges the City of Garland faced in complying with the CJIS requirements before implementing TecMFA?

 

Haskell Harper

Some of the challenge we, like a lot of other people in that public space sector were a little late to get on the bandwagon with multi factor. A lot of it was institutional resistance. Some of it was, you know, lack of funding. You know, it wasn't really high on the list. Bunch of news events hit, you know, we're in Texas. A lot of Texas agencies were hit a couple of years ago, so suddenly the funding appears, and we get to start going down this MFA road. Like a lot of other agencies, or I'm assuming a lot of other agencies, especially in public sector, there's a big resistance to using personal devices when implementing MFA, people don't want to install apps on their personal devices as factors. So we reached out to Okta directly being our IDP, and they specifically recommended Credenti as a solution for us. So that was great. Specifically in our police department, those guys are able to use their access badges to tap in, tap out, use them as authentication factors. They've already got them on their person at all times. So it just it made acceptance a lot easier in our environment.

 

Christine Halvorsen 

That's great. So that's seamless integration, right of solution. And so again, with that, you know, again, were there any other user resistance or operational disruptions that you initially encountered during the process?

 

Haskell Harper

No, once we identified that solution and it was acceptable to our user base, which is another key thing. I mean, you've got to get your stakeholders involved early on figure out what the business processes are. I mean, we're a city, so I've got 45 distinct business units across my organization. I don't have a single vertical. You have to get in there early on, engage with all of your stakeholders, your business partners, figure out what their business processes are and what authentication workflows are going to work for them. You know, our police department has a valid concern if they are responding to a situation and they have to authenticate to a device quickly to do something a lot of them really don't have the time to sit there, pull a cell phone out of their pocket, do a challenge response, do a number response, oh, well, I chose SMS. Well, my carrier's taking 30 seconds to a minute to get my message to me. They need something that works fast for their business. So definitely early on, engage your business partners. Yeah, and I

 

Christine Halvorsen 

would say that, you know, it definitely comes down to personal security, having done car stops myself, right? You're watching the car, the most dangerous place for law enforcement to be, right? So, watching the car, watching the hands, what are they doing inside? How many people are inside, right? Instead of, like you said, pulling out a phone and trying to put your, you know, kind of, you know, authenticating through phone, being able to have that quick tap, right? And while you're keeping your eyes on something else is definitely essential to life safety for these officers, that's great. And so there's, I think, and there's two sides of this right. There's the side of implementing kind of the MFA process for that mission, making sure mission continues, a seamless integration right on that piece. Then you sit on the side of, Okay, now we're going to be more secure. And then there's also enterprise wide looking at the user base and the identities and who's accessing and kind of protecting everything from the online threats. So are there? Can you talk to any specific benefits you've observed in terms of enhanced security and even that compliance right with the CJIS requirements since deploying TecMFA and Tectango? Oh, absolutely,

 

Haskell Harper

you know. So we've been talking about the Tectango portion here, which is the RFID cards being used as an authentication factor, you know, and you can leverage that software to do more than just your authentication. You can lock, unlock your workstations. But we also deployed the other product from Credenti, which is TecMFA. That product we deployed enterprise wide on every endpoint we have, or every corporately managed endpoint we have that puts the multi factor authentication experience or the Okta authentication experience in front of the Windows Control-Alt-Delete, and that was, that was at the top of my list of requirements. You know, Okta is fantastic product at securing cloud based products, SaaS products, but I'm a municipality. I've got a lot of legacy stuff on prem, and I have to have protections for that. So our solution was just to put Okta in front of Control-Alt-Delete on the workstations that way, essentially everything behind the Windows Logon is protected by MFA, and it gave us it also will, for those that are unfamiliar with the product, it also protects the RDP sessions. If you're going to RDP to a workstation, or we have it on our servers as well, you can set it to require MFA with RDP with remote desktop sessions, account elevations, if you're if you've got users that are using admin privileges to step up their our admin accounts to step up their privileges to do things like software installations, again, that's protected by MFA if you choose to enable it. So it checked a lot of security boxes for us,

 

Christine Halvorsen 

great. Hopefully it lets you sleep a little bit better at night, a little bit better, little bit a little bit. And so I know one of the discussions, you know, and I've been talking to folks at CJIS a lot, and just having attended the ISO CJIS compliance conference, one of the biggest challenges I think they're facing, too, is shared accounts, especially when it comes to NCIC, right? And that CJIS compliance. And so just wondering, if you can talk to the deployment of these solutions, how did it streamline your operations, particularly regarding those unauthorized shared accounts?

 

Haskell Harper

Great question. When we deployed TecMFA across all of our endpoints, as soon as you try to log into Windows reflect my train of thought here. So, yeah, okay, you got you when you sitting down to log into Windows, it's going to hit you with that multi factor prompt. Well, in doing so, we found out we had a few unauthorized accounts, or legacy accounts, or things that we just plain didn't know about in our environment, where people were using shared accounts on workstations. Well, they tried to use their shared account. Their shared account wasn't in Okta, they couldn't multi factor in. And help desk starts getting calls. Hey, we can't log in. Well, you take a look at it and hey, you're right and you're not going to so, yeah, it was good. It helped us audit our environment. It wasn't something we expected going in. It was an unexpected benefit.

 

Christine Halvorsen 

Yeah, and was that something just kind of talking about just operations of Help Desk? Was that something, once you saw you how to alert the help desk and kind of upskill them on how to answer that question. Oh,

 

Haskell Harper

absolutely, yeah, yeah, you've got to engage your support team before you ever deploy Okta, well, anything into your environment. You know, keep, keep your support people in the loop. And yes, there's a learning curve there. And yes, you're going to have some hiccups in the very beginning, we were fortunate. Our implementation went smoother than I hoped for. We had a great implementation.

 

Christine Halvorsen 

Great. Thank you. And I'm going to bring up a topic that's everybody's favorite topic, I know on this call cyber and security insurance, right? Obviously, with the prices of that going up and up, and also the hoops you have to jump through to even get cyber security insurance these days, just wondering if you can discuss that process and kind of the impact of implementing the TecMFA on your city's ability to really secure that cybersecurity insurance,

 

Haskell Harper

sure, yeah, that's one of everyone's favorite tasks. Is filling out those 400 questions on your underwriters that they send over for you every year. Yeah. MFA is previously it was one of those check boxes on your cybersecurity, insurance forms and questionnaires, and they would press you on it if you didn't have it, you know, maybe you it would cost you 10% more or 20% more, or they'll phrase it as a discount, you know, you'll get a discount of 10% if you have MFA. I've noticed here in the last year or two, they're going to require it, if, if they're going to underwrite your policy, they're going to require that you have MFA in your organization,

 

Christine Halvorsen 

as met as well as many other things. Oh, yeah, yeah. And so for kind of pulling on that a little bit, you know, mobile device security is a big one, right? And so what improvements have you seen within the police department after deploying Tectango? And also, we have a question as well of what type of credential the officers are using to tap into their laptops. And I know you mentioned RFID but if you can go into that in the same question, that would be great, yeah, to

 

Haskell Harper

you have to answer that they are RFID cards. And that was another thing we discovered in our deployment, was when we went to check on some of the older officers in our or officers with longer tenure in the in the organization, we found that they were still using the 125 megahertz cards, which were not terribly secure. So as part of our project, we did double check all of our RFID cards, made sure we were using, you know, modern cards, modern authentication, and we did have to upgrade the readers on our mobile devices as part of that process. And I remember their question, but not yours. I'm sorry. Can you repeat that?

 

Christine Halvorsen 

Yeah, so what improvements have you seen in the mobile device security within the police department after deploying Tectango?

 

Haskell Harper

Well, essentially, I mean nothing, really. In addition to what we've already touched on, the officers will typically begin their patrol the mobile. Since we're talking about mobile, they will typically begin their shift, you know, patrol cars in the parking lot. They will get in. They will multi factor into their device, and from that point on, the rest of their shift, they're essentially using their RFID cards just to tap and lock their workstations and tap and unlock their workstations. So it's the it the experience is easy for them.

 

Christine Halvorsen 

Great, yeah. And again, I think anything nowadays, right? We're so used to just downloading an app being it, you know, works right away. In our personal lives, we want the same thing right in our work lives as well, even though it's a much more complicated and complex environment to do those things in for sure. And I think you know, one of the discussions too, that I had when running digital transformation projects, there were two discussions that the executives always asked, right kind of the executive sponsors of the projects, how are you going to measure this by metrics that it was successful? And the second was, Are you going to achieve any cost savings, or the two questions we always got, and so just wondering, when you went into this project, did you set metrics on what success looked like, and was there an ability to have a cost savings based on the scalability of the project as well?

 

Haskell Harper

Sure. Well, your our biggest success metric is going to be the least disruption to the business. I mean, at the end of the day, I'm IT, I'm a support organization. One of my goals is to not disrupt all of our businesses, you know, and disrupting a police department is not a good thing. So honestly, that was one of our highest metrics. And then you know, what type of additional support calls would implementing MFA cause us? You know, is this going to put a burden on our help desk teams once we got past our initial rollout, no impact whatsoever. Matter of fact, the we got a when I when we bought the products initially, I didn't realize that we had a self service password reset portal as part of the product offering. So that was a pleasant surprise early on, maybe I just wasn't paying attention during sales presentations. But that turned out to be great, because now our users can reset their own passwords securely right from the Windows Control-Alt-Delete prompts so you know, they forget their password, they can do it securely, as long as they have their authentication factors, you know, their their app, their card, whatever the case may be, they can do this themselves, reset their passwords and unlock their accounts. Great benefit.

 

Christine Halvorsen 

Great and through this, right? You know, we started talking about CJIS requirements. This is all great. Best practices were given us and lessons learned. But through this, you know, CJIS is going to have you self attest date, right? Do a self attestation that you're meeting, there are new requirements and then potentially audits. How easy will that be for you now to go through that process right, knowing you've implemented this

 

Haskell Harper

essentially. How do I make the auditors happy?

 

Christine Halvorsen 

Yeah, exactly. How do you make that a phrase? It that way. How do you make the auditors happy by implementing the TecMFA right in Tectango. Does it make the auditors happier? And is it easier? So for example, I will tell you we had a client here that actually spoke at our Okta Identity Summit, and they talked about how the audit was coming in for FedRAMP, and they said, We're going to be here for FedRAMP Moderate, just talking about identity for two weeks. And two days later, they came back and said, Actually, everything was in one place. We were able to get it in two days, so we're done with that part of the audit, and they moved on. And so obviously, that saves your team time too, right from doing all the walkthrough audits and spending weeks on walkthrough audits, you know, versus maybe taking two, you know, week and a half back in your lives to do operational things. So, oh

 

Haskell Harper

yeah, as far as providing evidence for multi factor and securing, from a CJIS perspective, securing identities across the organization, easy, really easy. I can report on how all my devices are secured. We can pull authentication logs. We can show them policies it, and it's very, very easy, great, but no, no issues whatsoever there. Great,

 

Christine Halvorsen 

awesome. And so I'm gonna kind of end with a question on, kind of, what advice would you give to other cities looking to achieve CJIS compliance and enhancing their cybersecurity measures, especially from the successful journey that you've just been on. I'll just, I'll

 

Haskell Harper

go back to, you know, assess your organization, engage your business partners early on, engage senior management early on, because you're going to have to have buy in from your word city, from our city manager, our city council, other organizations, your CIO has got to be on board. If you do not have executive buy in on this, your implementation is going to fail. And yes, it's like that for almost everything that you're deploying. But this, this is going to touch every single person in the organization you know, anyone who logs into anything interactively is going to be impacted, so make sure you're engaging your stakeholders early and often. That mean that that is really the biggest piece to success.

 

Christine Halvorsen 

Yeah, and again, having done several projects, communicate, communicate, communicate, right? It's not just a one and done. When you're having those conversations, it's okay, this is what we're going to try to do. Or you guys are, you know, is this group okay with it? And as you continue on the project, continuing to communicate and provide updates to where you are, and continuing to have them in the room, right? I always say that tech needs to be at the table of in every mission conversation, tech needs to be at the table because there's so much tech enablement that you know you can do permissions, but also there's things that could go wrong that impact mission right if you do it the wrong way. So I really commend you for for taking that step. And really talking to those stakeholders and making sure their voice was heard, because it's not easy to do right, and it's not easy to get their buy in. So commend you on that in a successful project as well. Yeah, I

 

Haskell Harper

will say, you know, these products right on top of Okta, if you already have Okta deployed, deploying TecMFA and Tectango are not going to be difficult. If you don't have Okta deployed as your IDP or MFA provider or single sign on provider, that is going to be the heavier lift than adding these pieces to Okta and

 

Christine Halvorsen 

Haskell will still be here for questions at the end. So if we have any new questions coming up, we will, we'll ask them at the end. So thank you for your time and thank you for your answers. Okay, Scott, I'm ready. You're ready. Okay, awesome. So excited again. Little bit of a different challenge for you as we're talking, right? And so let's, we'll start there, right? We started there with Haskell as well. What challenges were faced? Because that's really, again, coming up with the challenge and then working back from the solution you wanted to obtain, right, and those outcomes. So can we, can you talk a little bit about the primary challenges that Northport faced in implementing an MFA solution, and again, that personal versus city owned devices and the environment?

 

Scott Murphy

Yeah, that's really where we started this from. We got a lot of pushback, as Haskell had talked about, of using personal devices. We had employees that did not even want to receive a text message to authenticate on to their personal phone, and so it much less put Okta Verify on so we we were looking for a solution that we could implement and across the city that would allow the multifactor verification without just doing equipment that city owned. I mean, we looked at different solutions. We, you know, we we looked at getting the key fobs and, you know, in different things. And in the end, we just felt like that the RFID readers were the best overall solution, because then we could implement them in with our access control. So it's a, you know, really one card does everything get you in the building and get you into your computer. It does everything that you need to do when you're at work.

 

Christine Halvorsen 

That's right? And how long as you looked at the different options, right? And obviously you have different user bases that are using it for different reasons, right? That you have to meet. How long did that process take you to come up with that the RFID was the best solution for you? Like, what steps did you go through again to Haskell's point were the end users included in that process? Yes,

 

Scott Murphy

Well, we, we, we have a sister city across the across the river there in Tuscaloosa, and they had already implemented something similar there. I talked with their staff and some of the challenges they had. I brought in department heads. We had meetings about this, about how the best to implement it. Of course, you know, the first answer was, No, we don't want to do anything. Of course, they don't want to be inconvenient. Inconvenienced. And I was like, I'm sorry, it's going to be inconvenienced with this as well. And but really, when we came down to it, and once we implemented it, I have to say that it really is a seamless integration. I had one user describe it, that it just works, and it's true. Now, one of the things that we got buy-in was we about this same time, we moved our time outs from 30 minutes to 10 minutes, and so people were having to put in their passwords every 10 minutes that they walked away from their computer. So having the ability to put in the password at the beginning of the shift and then just tap in and out after that, that won a lot of people over because, oh yeah, I'd much rather tap than have to type in my password every 10 minutes when I'm walk away from my desk.

 

Christine Halvorsen 

Well, that 10 minutes, you know, is good from going 30 minutes, I'd be curious to know how many funny emails were stopped, of people getting on other people's computers and typing emails to people they probably shouldn't be because, believe me, I've seen it, and pretty funny. So hopefully that stopped that, and any any other, you know, security concerns you had there. So I know that, especially going back to the phones, right? SMS based MFA, right? And there was some confusion. And how did with the SMS based MFA, and how did that impact your deployment process? And what you know? What did you do to overcome those issues?

 

Scott Murphy

Well, well, that goes back to one of the the reasons that we got complaints was they were like, how I know this is real? How do I know this is coming from Okta? You know, you tell me that y'all tell me that not trust anything that comes in on our phones. And then you're we're sending, we're getting this thing in from this number. How do I know that this is is accurate? So, you know, this was another way that just took all that off the board. They don't have to worry about that anymore, you know, and they just can get in their computer, tap in, tap out. And now we did, we did implement the TecMFA as well. And I agree that I think that's a, it's a it's really a pair that has to go on together. And so it is. You know, really, we never install one without the other.

 

Christine Halvorsen 

And to that point, how do you ensure if someone finds a card, just say someone lost it and found it, that someone's not just able to use that RFID card. What kind of procedures do you have in place for that?

 

Scott Murphy

So, you know, we, we do our, you know, we do have the, you know, you have to know the password to get in initially. You know, you have to to be able to, to have the password to use the card. And so if someone just found a card and came in, they that would not give them access to the device. So, you know, the we feel very we feel very confident that we can do that and we can quickly remove a card. If somebody reports a card missing, it can be locked down, you know, within minutes. So I think that it's a very, very secure solution, as far as that goes, Yeah, and

 

Christine Halvorsen 

I would think too, right? It's goal goes back to multi factor authentication. You're just not relying on that one card, right?

 

Scott Murphy

It's card, it's passwords, it's, you know, you know, it's everything that goes on with multi factor that we're, we're, we always have more than than one factor to get into the computer. Yeah,

 

Christine Halvorsen 

exactly. Thank you. And good, best practice to follow, right when you're implementing MFA and convincing people to do it like you had to do. So, you know, there you had a requirement in this, from my understanding of ensuring laptops can be accessed offline, right? So that is a huge challenge, right? It's a huge challenge for a lot of our public sector customers. I can tell you, when I was the FBI, our international operations group, right? They handled multiple countries, and they didn't necessarily have an office to go in, and sometimes we had to do things offline. So just wondering, kind of what steps you took to ensure that laptops could be accessed offline, and how did that help the overall user experience for you?

 

Scott Murphy

Well, it really is critical that to install the TecMFA on the all your laptops and to enroll them at the time of installation, to get with the user and enroll them in the offline enrollment. Because, you know, people take computers home, and the first time that they get there, or they take them to a hotel room, they don't have internet initially, all the time. So we had some people that were like, wait a minute, what do I do if I don't have internet, if it's if I haven't connected to the Wi-Fi yet? So having the the offline enrollment, you the is, you just go in through TecMFA, you have your offline in your Okta Verify, and so you just type in the code from your offline for that particular computer, and then you're in, and then you can connect to the internet, follow through with your remote access whatever you need to do at that point.

 

Christine Halvorsen 

Great. So it allowed you to kind of expand out even kind of your cyber security practices right further out than just kind of the walls that you have around your internal workforce.

 

Scott Murphy

That's right. And so we have multi factor on everything. So you know, once they they once they're out, they get in through multi factor, either offline or online, with TecMFA, if they go to the remote access. That's also is multi factor through through Okta as well. So we, you know, every step of this we have, you know, Okta integrated in is part of our multifactor solution, while expanding

 

Christine Halvorsen 

your security perimeter, which is incredible, right, for people to operate in. So we'll kind of break this down a little bit more too of other specific results you've seen in terms of your enhanced security and user satisfaction since implementing these solutions.

 

Scott Murphy

Well, the you know, it is been amazing to me, again, how much people didn't have pushback on this, and they just accepted it. And we, as Haskell talked about, we took the TecMFA as well, and we expanded it into all of our remote desktops and all of our admin connections. So you can't do any any admin connectivity locally without going through TecMFA and multi factor. So, you know, it really, using these products really did elevate us even further than what I expected, on being able to really lock down the local experience, on having everything through some type of multi factor to access.

 

Christine Halvorsen 

And can we talk about the rollout a little bit, if you wouldn't mind, because I know rollouts are not the easiest, right, because there's always that human factor in the middle of everything. So how did you approach the rollout? There's multiple ways to do it, right? One is kind of the mission critical folks get it first. The second is, maybe the admin folks get it first, make sure it works before you give it to mission critical. How did you approach this?

 

Scott Murphy

We did that. We went with our admin department first. So we started with city hall and started in finance, and then kind of moved through department by department at City Hall, and that allowed us to really work through a lot of issues that may have come up, and there wasn't a lot, but it allowed us to really tweak what we were doing. It let us tweak the rollout on, you know, an emitted, you know, administrative assistant's computer or receptionist's computer, rather than the fire department. So we, by the time we moved into public safety, we really felt like that. You know, we really had the whole process down to where everything was just really, really smooth. So it is, again, I think, that that phasing it out and doing it incrementally, and department by department was really, really helped us out.

 

Christine Halvorsen 

How long overall Do you think that took you to

 

Scott Murphy

it was, it was about a three month process. And but we're, we're not, A, we're not a huge staff here in Northport, so we fitted in when we could. But, but overall, it was, it wasn't a bad roll out.

 

Christine Halvorsen 

No, that's great. And, I mean, remember, yeah, people who are on vacation, maybe when the department's going through and you have to follow back up with them, right? And make sure you're doing that. Plus, you know, as I explain to people all the time, you're trying to keep the lights on too at the same time, right? It's not that you're just focused on a rollout. You have other other job responsibilities as well to do every day. So it's, it's difficult, right? To do both so and and as you did that implementation right across it. Were there any? Again, I know we talked to Haskell about this a little bit, but other benefits that you saw from a financial perspective, or insurance perspective, that because of implementing the MFA, you were able to achieve,

 

Scott Murphy

yeah, you know, like, like Haskell said it, you know, MFA went from a is great, if you have it, then is to the oh, well, I'm not talking to you if you don't have it, so, but we were able to get a 10% discount on our cyber insurance policy based upon having all of our admin connectivity through multi factor so rather, I'm looking at Office 365 or I'm on on prem servers. It's all going through Okta, and we use TecMFA in order to implement that for our on prem. So we wrote all that up, sent it to the underwriters, and were able to obtain that discount.

 

Christine Halvorsen 

And is it going to help you? You believe, I mean, Haskell kind of answered this question, but would love to get your viewpoint on it, on also, if you were audited, right, or even doing the self attestation for the CJIS compliance, yes,

 

Scott Murphy

yeah. When, yeah, all that we we have such good, it's such good documentation in records, and we have policies in place that I think that it's going to, you know, really, you know, just, I don't want to say knock on something, that it's not going to be a big deal, but I mean, I feel, I feel pretty prepared for whatever we have to to, to do in the future, based on what we the access and that we have and and the the abilities we have to be able to pull logs and that sort of stuff,

 

Christine Halvorsen 

yeah, so the data calls won't take you as long as they probably had in the past.

 

Scott Murphy

It's true. Well, I have to admit it, we've had very little of really IT support for this. It really hasn't been that way. It just kind of, it just kind of works. We kind of ran into the same group problem in our fire department as Haskell did. We ended up finding that they were using a kind of a group login to view training calendars. And so we had to kind of change that and get that to where it was on an individual basis. So we, again, we discovered some things in our own environment that we probably, at one point somebody knew, and at some point somebody forgot. So it helped us to kind of do some internal auditing work ourselves. Yeah.

 

Christine Halvorsen 

I was gonna say, did it help you clean up accounts too, that maybe were not being used anymore, right? And that could be security vulnerabilities, yeah?

 

Scott Murphy

We, you know, we are, you know, with the tines that we have and octane and AD and this tied in Okta, it has really allowed us to do some AD cleanup.

 

Christine Halvorsen 

That's great. And so kind of, I asked the same question of Haskell, I'm going to ask it again. You have a lot of lessons learned here that you've already given us through your journey. Is there anything you would recommend to other municipalities that are considering similar security upgrades or just on their path to CJIS compliance? Any helpful hints?

 

Scott Murphy

I mean, he kind of covered everything, but it's true, you gotta address the, you know, stakeholders early, engage, get, you know, get that buy-in at the executive level. And, you know, it just makes, I think, the whole transition better. Our phased rollout, we were able to really focus with a department head in their department. So that was, I think, another thing that we really got as well in the phased rollout in this was, okay, we're doing finance, or we're doing planning, and I was able to engage directly with the planning director and work through, and then we work through their staff. And so, you know, engage early, come up with a rollout plan that really, I think, targets departments so that you can work with them. And then, you know, it's very minimal training, but it is important to let the users know this is what's happening. This is what's happening on your computer. Now, this is what you do. This is what you do if you forget your card. And it's another thing with the TecMFA, if you walk out of your house and you don't have your card and someone lets you in the door, it still didn't get you in your computer. So you can, you know, you can use another, Okta Verify, SMS. You can contact us. Another thing that TecMFA provides that we haven't talked about is you have an admin one-time password. So if they call the help desk and they don't have any way to get in, so they don't have their card, they don't have anything, you can always do an admin one-time password from our help desk staff and get you in that one time to at least get you working so that you're not down in the water dead. That's

 

Christine Halvorsen 

a great, those are all great points, that definitely have that contingency plan, right. And those are great, again, other multi-factor authentication or authentication methods that you can use. So thank you for all that, and thank you for explaining your successful journey. Really appreciate it. Thank you. And again, Scott will be sticking around for some questions at the end, if you have any further questions. Okay, here's our poll. Poll question number two, which feature of Tectango's solution is most valuable for your organization? Hope everybody had time to answer that question. And now, Sarah and Amit, if you guys are ready, I'd like to specifically talk about the Tectango Credenti solution and how you leverage Okta to do that. And I know we've had a lot of great questions in the Q and A that I know you've been answering as we go along here. So are you guys ready to get started? Absolutely? Yay. So, Sarah, if you wouldn't mind, or Amit, we'll let you guys how Okta enhances the security when integrated with Credenti.

 

Sarah 

Amit, do you want to take that or do you

 

Amit Prasad

want me to.

 

Sarah 

So we do have supported use cases, right? So Okta is the foundation, and we just expanded on their technology. We've been a partner with Okta for over seven years. So excited to be in this journey again. Identity, I like to say, is a journey. So the supported use cases, I'll do a quick recap, if I could: use the RFID cards, right, that they've all mentioned we could do. We could also do a one-time passcode or OTP. We support that user scenario. Also we do risk-based authentication, so we can analyze the login patterns and detect high-risk attempts. The fourth user, or the support case, is biometrics. So that's fairly new for us. We're getting a lot of interest in state and local governments around that. And then, of course, the last use case we support is hardware tokens or one-time password. So again, every municipality does things a little bit differently, and with the flexibility of Okta, Credenti and Tectango, we can fit it to their best, you know, whatever their use case may be. In addition to that, as you heard with both the speakers, we were reutilizing those RFID cards that they already had, so that wasn't an additional expense on top. So that's how we were successful in these two specific use cases here today.

 

Christine Halvorsen 

Thank you, Sarah, for that. And I think, yeah, that seamless integration is a key point, the neutrality of it all, right? And working with what you already have in your environment, right? I think the hardest thing to do in government is rip and replace, right? And so I think Okta works with everything, right? Okta works, you know, with Microsoft. Okta works with anything that's out there, it's neutral, and I think that's kind of the key component here for us as well, when we're integrating, especially with Credenti, right, in that integration. So thank you. And I kind of, you know, there are a lot of benefits, right, to our partnership. And so can you talk about the key benefits of using the solution for credential management?

 

Sarah 

So again, we extend the Okta platform, so work very closely with the Okta reps as well, right, to make sure that we're going in and understanding the customer's challenges, and then ours is just a simple layer on top. As you heard with both use cases or both customers, it was seamless, right? It just worked. And Scott loves to say that, and I love to quote him. I never use his name, but it just works. And the rollout, we typically end up doing the Okta deployment as well as the Credenti solution. So again, we can do both sides, but it just works. And, you know, as an identity leader, Okta, working with Credenti, and again, utilizing existing infrastructure within the customers', you know, facilities, etc., we can reutilize some of that, like the RFID card, etc.

 

Christine Halvorsen 

Right? Yeah. And I think again, that seamless integration, but you have that seamless integration kind of on the front end for the users to use it. Maybe this is for Amit to answer, of how easy is it to integrate Okta into your existing platforms, right? I mean, Scott and Haskell hit on that a little bit, especially if you already had Okta, bringing Tectango in and Credenti in is very easy, but Amit, if you can talk to that a little bit, that would be great. Yeah.

 

Amit Prasad

Sure, sure, yeah. Okta is very, very easy to integrate. In fact, I always say, right, when I talk to my team, Okta administration is a breeze, right? I've never seen a tool that's so easy to configure, right? You go to the options, and the option that shows up on the dashboards is intuitive, right? Sometimes I don't even have to go and check the documentation or how it would work. I would just figure it out just looking at the, it's that helpful. And then Okta's documentation is wonderful. You go to developer.com, look at the documentation. It's well documented. There are a lot of examples, and that is how we do it in our lab. And then we figure out how to integrate with the Okta platform, so all the modern technologies that Okta supports, like OIDC, OAuth, SAML, it's well documented and very, very easy to integrate.

 

Christine Halvorsen 

Thank you. And I think one of the other pieces, Amit, that would be great to talk about, too, is kind of, Haskell and Scott talked about a little bit, but kind of the new data it provides, right, for them to be more secure and for them to be more proactive against the threats. Can you talk to that a little bit, about how not only do you have this great, seamless integration for the end users, but also for the IT staff, and how they can use the solution to be, again, more proactive against the threats?

 

Amit Prasad

Yeah, so as our solution works on top of the Okta platform, so the ThreatInsight capabilities that you have in Okta, that apply. So when you're trying to log in to the desktop, let's say, and Okta detects a threat, that access is denied, and that is, whatever error or message is being returned by Okta, the same message is relayed to the users on the desktop. So we don't have to do anything special there. We rely on out-of-the-box capabilities provided by the Okta platform.

 

Christine Halvorsen 

Great. And on that, I'm going to talk a little bit about the CJIS requirements, right? So new CJIS requirements are, you know, again, that 10/1 deadline. There's a lot around authentication, there's a lot around, you know, authorization. There's new requirements, you know, again, Scott talked about going to the 10-minute logout, right, time, you know, CJIS is at 15 minutes, right? If you walk away, how quickly, using the Okta and Tectango platform and Credenti platform, can you make those adjustments? Right? Is it easy once new requirements come out? Because, again, CJIS is going to release new requirements come February, right? And they're going to add on to the new ones that they have that you're, you know, for 10/1. So how easy is it? Is it a heavy lift to start implementing and fine tuning, or is it easy to do with the two platforms together? It's extremely

 

Amit Prasad

easy. Like Okta is very easy to administer, right? In a similar fashion, the Credenti platform is also very, very easy to administer. You can create policies targeting a specific group of users. You just go and shape the policy, and on the next login, those policies get applied. So let's say, for example, you want to enforce a PIN for only a subset of users, you just go and change the policy and on the next login those policies apply. So it's very, very easy to configure.

 

Christine Halvorsen 

Terrific. Thank you. And I think, you know, talking for both our companies, I mean, we're following the CJIS requirements, right? We're CJIS compliant ourselves. So as you say, kind of, we make and eat our own dog food, because we understand what you have to go through to be CJIS compliant. Because, again, as organizations, we are CJIS compliant, but also we, you know, continue to try to evolve with the new requirements coming out, especially around NIST 800-53, right? And anything that's coming out around there, because that's kind of what CJIS is based off of, and FedRAMP. So just helping, you know, helping to know that we're being proactive in developing our solutions to meet those demands before there even is a requirement is essential, right? And keeping up with that. That's right, that's right. And then I'm gonna go back to Sarah. Sarah, if you wouldn't mind, you know, answering kind of the support and services that Credenti Tectango offers to ensure the smooth implementation, ongoing management of the solution.

 

Sarah 

So we can offer lots of different ways. So in these cases, we actually just did the deployment for the Okta, as well as the Tectango and TecMFA. We do offer Identity and Access Management kind of gap analysis, because I do think that it is a journey when you're talking about identity and access management. And then we also do offer managed services if some institutions need additional help. We're always here. I've got about 45 certified Okta engineers. We've been a long-term partner of Okta on the services side. So welcome any questions or any ways that we can help to further adopt Okta and Tectango.

 

Christine Halvorsen 

And I think this may be one for you. And you know, Amit, kind of, do you see any hiccups or bugs in the data from the RFID system as you try to meet the compliance requirements for CJIS? Have you seen any of that across your customers?

 

Amit Prasad

No, we have not come across any challenges with the badges. We support most of the account badges available in the market and most of the readers. So as such, we have not encountered any challenges. And by the way, I just wanted to add, we have started supporting badges that have an inbuilt fingerprint sensor. There's a company called Sentry Enterprise that manufactures those, that provides absolute proof of identity. So someone asked the question, hey, what happens if the badge is dropped in the hallway and somebody picks it up? Yes, there's a chance that somebody can pick it up and access the building. So if you're trying to solve that kind of problem, I would highly recommend that you get in touch with us, and we can show you how we can leverage those badges that have inbuilt biometric sensors to provide absolute proof of identity. And the other cool thing is the same badge can also be used to log into the Okta dashboard. So we have another feature that we have introduced, IDP as a factor. That means when you log into the Okta dashboard, you enter a password, and then the user gets prompted to tap the badge. So now, not only can you use the badge to unlock the workstation, you can also use it to log into the dashboard, because there are certain workflows where there is no need for the user to log into the computer. They just need to log into the dashboard, and then they have one-click access to all the SAML applications that are already federated with Okta. So there are multiple ways that you can leverage the badge, not just to unlock the workstation. So yeah, please get in touch with us and we can discuss your specific workflows. Yeah.

 

Christine Halvorsen 

And to that point, you know, first of all, I love the dashboard. It makes life so much easier finding things. I wish I had it when I was in the FBI, but I think the physical world and the online world are coming closer and closer together on the threats, right. And I think just having that RFID badge and being able to track it, not only in the physical world, right, which is again, requirements by CJIS, but then also using that same identity and tracking that identity through your online world are very essential components, again, to meet those CJIS requirements. So just being able to kind of put all your security around that piece, right, the RFID and your multifactor authentication, not only online, but in your physical world of accessing buildings, accessing rooms, is a better way to answer those CJIS requirements around physical security as well, that are new in those requirements. And being able to show those logs and being able to correlate those logs together will show a better picture of what people are doing around the CJI data and their access to it. So I think again, to Amit's point, it's really essential to have those two together. I don't have any more questions for the team. I think we've had a great discussion. I'm going to open the floor one more time for any other questions. We've answered all the questions in the Q and A, but I want to leave time for you all to potentially pose some other questions in the Q and A, if you have them. At this time, I don't see any coming in. So Catherine, with that, I'd like to say thank you so much to our speakers today. I'd like to give them a round of applause, to Haskell, Scott, Sarah and Amit, for speaking with us today and taking us on this journey.
I hope you all who attended today really see the benefit of, you know, really understanding that use case, understanding the outcomes you want to achieve, and working backwards from that to come up with a solution. That is exactly what was done in each of these use cases, to have something that's easily and seamlessly integrated to the populations that you're serving, to continue to ensure that coordination with your stakeholders and achieving that successful outcome. And so with that, we have one more poll question, and that is, what is the biggest challenge you face in managing user credentials? Is it security risk? Is it user compliance? Is it system integration, or is it scalability? I think we needed one on there too that said all of the above, because they're all big challenges. But would love to hear from you which is what you feel is the biggest challenge.

 

 

Awesome. Well, I'd like to thank our participants, as well as all of our speakers, for being with us today. We hope the information you received during this webinar has been helpful to you and your organization.