What negligence? If I read the policy change by Okta they’re ensuring that security of killing an admin session if the network changes.
Edit - unless you mean not mandating the feature by default? As a SaaS solution Okta is set to provide the tools for any company to use which they’re doing. They provide the ability to enable tighter security but it’s not their problem to solve. They could argue successfully that a company can and should enable their own security provisions that may overlap.
To use non-IT terms, Okta is providing a box of knives to a teacher. The expectation is the teacher ensures if the kids can use the knives or not. Okta can take out the sharpest knives if you ask them to but you have to ask.
Yes, it makes sense. Can not doing it be considered gross negligence?
What negligence? If I read the policy change by Okta they’re ensuring that security of killing an admin session if the network changes.
Edit - unless you mean not mandating the feature by default? As a SaaS solution Okta is set to provide the tools for any company to use which they’re doing. They provide the ability to enable tighter security but it’s not their problem to solve. They could argue successfully that a company can and should enable their own security provisions that may overlap.
To use non-IT terms, Okta is providing a box of knives to a teacher. The expectation is the teacher ensures if the kids can use the knives or not. Okta can take out the sharpest knives if you ask them to but you have to ask.
Thanks!