Axiad and Okta Partner to Revolutionize Authentication with Phishing Resistant MFA

September 25, 2023

Passwords present several pain points, from both a security and a usability standpoint. Malicious actors can use a compromised set of credentials to gain access to an organization’s most valuable information. Phishing, a form of social engineering where attackers deceive people into revealing sensitive information, has become more common and sophisticated. One phishing attack can lead to a data breach that can cost an organization millions of dollars to remediate. IBM’s Cost of a Data Breach Report 2023 found that the global average cost of a data breach in 2023 so far is $4.45 million, a 15% increase over 3 years. Given the rise in successful attacks, security teams understand they can no longer put phishing on the back burner but now need to proactively prepare for it.

Certificate-based authentication has emerged as a strong, passwordless MFA method that can add phishing resistance to IAM deployments. It has been endorsed by organizations, such as CISA, as an effective tool in preventing and eliminating phishing attacks. However, certificates still need to be managed throughout the authentication lifecycle, and IAM systems alone do not provide these capabilities for lifecycle management.

Better Together: Okta and Axiad

Okta’s single sign-on (SSO) provides organizations with access to all their business applications in one location. Axiad Certificate-Based Authentication (CBA) for IAM enhances organizations’ existing Okta implementation by provisioning and managing phishing resistant authenticators and credentials at scale without changing how Okta authenticates end users.

Once in place, IT can incorporate phishing resistant CBA so end users can securely access their workstation, and then log into Okta-managed applications via SSO. By securing all entities without passwords or shared secrets, this integration both enhances security and reduces end user friction.

Some of the key advantages of this integration include:

  • Seamless Authentication: Log in to your workstation with a provisioned YubiKey or personal identity verification (PIV) card to access all your Okta-managed applications with certificate-based authentication
  • Enhanced Security with Cloud-based Authentication: Provide cloud-based certificate and credential management to enable Okta web sign-in with smart card/PIV, enabling passwordless and phishing resistant MFA for any Okta-managed application
  • Reduced End User Friction: Secure your workstation without needing multiple forms of authentication or resource-intensive agents. Ensure MFA is set up before an employee can gain full access to company systems with Axiad’s authentication management capabilities
  • Addresses Government Requirements: Enforce phishing resistant multi-factor authentication (MFA) with certificate-based authentication, in line with the U.S. Executive Order – and CISA and NIST guidance – to enhance your overall protection

Fortify Your Investment in Okta with Axiad CBA for IAM

Axiad CBA for IAM supplements Okta’s SSO capabilities with passwordless, phishing resistant MFA. In addition to an improved cybersecurity posture, organizations can streamline processes and maximize productivity.

Axiad Unified Portal delivers an integrated view across the entire identity ecosystem, environment, and authenticators. Axiad MyIdentities uniquely provides self-service visibility into and management of all end user authenticators such as Axiad ID, PIV cards, virtual smart cards, and USB keys such as YubiKey.

End users can quickly perform account recovery with Axiad MyCircle. Axiad MyCircle enables self-service credential resets authorized by other members of their “trusted circle” – people known to them, as determined by the organization. Trusted circle members could include a manager, shift supervisor, or peer. Axiad MyCircle allows end users to eliminate temporary passwords by leveraging self-service passwordless credential resets. This empowers the workforce and reduces calls to IT or the help desk for credential resets.

Organizations can replace the use of multiple tools for enterprise deployment, management, and support of authenticators and credentials with Axiad AirLock. With this feature, organizations can automate MFA processes, such as requiring enrollment of an authenticator, before an employee can gain full access to systems. In addition, Axiad AirLock allows organizations to streamline provisioning of authenticators and credentials (one to many). Organizations can provide self-service credential lifecycle management including account recovery (replacement, temporary credentials, and PIN resets), expirations, renewals, and more. With Axiad AirLock, organizations can streamline authenticator and credential management as well as eliminate temporary passwords.

Supported SCIM Features

The Okta and Axiad Cloud SCIM integration supports the following features:

  • User creation
  • Updates to user attributes
  • User deactivation
  • Group push

SCIM provides a standardized, secure methodology for exchanging information between IT systems, minimizing the need for expensive custom integrations. Organizations can automate user and group provisioning, mitigating the risk of human error. SCIM also eliminates the need for users to remember a separate set of credentials for every application they access.

Supported SAML Features

The Okta and Axiad Cloud SAML integration supports the following features:

  • SP-initiated Single Sign On (SSO): The sign in process begins in the application the user wants to access
  • IdP-initiated Single Sign On (SSO): The sign in process begins in Okta

SAML authentication improves user experience, enhances security, and reduces friction. With SAML, users do not need to remember multiple or complex passwords, saving time and effort. Users can avoid the risks of phishing and credential theft as they only need to trust their identity provider.

Meet Government Compliance Requirements

This integration not only strengthens security and streamlines operations but also adheres to government compliance mandates. Axiad recently announced that Axiad Cloud has earned Federal Risk and Authorization Management Program (FedRAMP®) “Ready” certification status and is now listed on the FedRAMP Marketplace. Okta achieved FedRAMP High Authorization earlier this year as well. With their respective FedRAMP designations, Axiad and Okta allow federal agencies to adopt a secure and frictionless identity environment. Organizations can attain a phishing resistant form of multi-factor authentication (MFA) with certificate-based authentication, which is an essential part of The White House Executive Order (EO) 14028 to adopt a Zero Trust architecture.

As a member of the Okta Integration Network (OIN), Axiad complements Okta’s login offerings to provide a comprehensive identity and access management solution with advanced security features, streamlined identity management processes, and an improved user experience.

For more information about this integration, visit our alliance page for Okta or view our listing on OIN.
