How to implement dynamic access controls with Opal, Okta and Twingate
by Emrul Islam

Today, we’re excited to announce the new Opal + Twingate integration! Opal makes it easy for companies to implement least privilege while improving productivity.

Trusted by forward-thinking enterprises, such as Blend, Marqeta, and Databricks, Opal is a modern solution for identity governance and privileged access management. Employees can easily use Opal’s permissions catalog to make self-service requests or generate auto-expiring credentials for cloud infrastructure. Admins can configure powerful security and governance policies on critical resources. Deployed without agents or proxies, Opal can be set up in the cloud or on-premises in hours.

With the Opal + Twingate integration you can:

  • Allow users to request short-lived just-in-time access to infrastructure and applications from web and Slack
  • Delegate approvals and management to system owners and managers with the most context
  • Configure powerful governance policies for sensitive access
  • Automatically escalate and revoke privileged resource access based on on-call schedules (e.g., PagerDuty or Opsgenie)

Twingate and Opal: Better Together

Customers have used Twingate and Opal together for a holistic zero-trust architecture both inside their network and across their applications and infrastructure. Zero trust is a powerful concept in network security where, by default, no access is given and no source is trusted. Implementing zero trust is challenging, but when done correctly it fortifies organizations against attack by limiting their attack surface.

Before Twingate, teams would manage multiple VPN solutions with inconsistent rules around who has access – resulting in a lack of transparency and consistency. Twingate enables companies to scale by simplifying network access controls with an easy deployment process that is seamlessly integrated with Okta and Terraform.

As with zero trust solutions, Opal implements the principles of limiting and continuously verifying access. Opal’s focus is managing resources outside the network layer, including developer infrastructure, identity provider groups and third-party SaaS roles. With Opal, employees are assumed by default to be unvetted. Access, for the most part, is not automatically granted and must be manually requested using Opal’s seamless workflows via web or Slack. Once granted, access is continuously re-certified, either because the access grant was short-lived or as part of periodic compliance reviews.

How to use Twingate and Opal

  1. Install the Opal integration for Okta
  2. Set up your Twingate Okta integration
  3. Start granting just-in-time access!

Any questions? Feel free to reach out and we’re happy to schedule time for a demo!

