Self-Service Registration and Progressive Enrollment
The session opens with a detailed walkthrough of Okta's self-service registration extensibility, demonstrating how organizations can create custom enrollment policies within the Customer Identity Platform. Mark Vong shows how to enable progressive profiling, which allows administrators to collect user attributes incrementally rather than overwhelming users with lengthy registration forms upfront. The demo illustrates configuring user profile policies, adding custom form fields, and implementing progressive enrollment that enriches user profiles as users navigate through the application. This approach balances security requirements with user experience by collecting essential information at registration while deferring optional attributes to later interactions.
Multiple Identifiers and Passwordless Authentication
The presentation explores two advanced identity features that enhance both security and usability. Multiple User Identifiers allows organizations to configure up to two additional attributes beyond the traditional username for user authentication, enabling users to sign in with either their username or email address. This flexibility reduces friction when users forget one identifier but remember another. The passwordless authentication capability eliminates password requirements entirely by leveraging authenticators like Okta Verify as the primary authentication method. Vong demonstrates creating enrollment policies that require only authenticator-based verification, effectively removing passwords from the authentication flow and reducing exposure to password spray attacks while simplifying the user experience.
Session Management with Keep Me Signed In
The final segment addresses session persistence through Okta's Keep Me Signed In feature, which provides granular control over authentication frequency. Vong distinguishes between pre-authentication and post-authentication implementations, showing how administrators can configure policies that prompt users to stay signed in after successful authentication. This feature reduces unnecessary MFA challenges for trusted devices while maintaining security controls through configurable time limits. The demonstration shows the end-user experience where users can opt to remain signed in, reducing authentication friction for returning users while giving organizations control over session duration and device trust policies.