Okta Identity Management – 2021 Review

Okta is the big kid on the playing field in the Identity Management (IDM) space, and for good reason. Functionally, the market leader is competitive with all of the other vendors we surveyed, and a head above most. When most of your competitors’ products include an easy path for their customers to integrate with yours, you know you are doing something right. While Okta is still a bit pricey, its range of features and solid overall platform earn it our Editors’ Choice award in this series of IDM tests with VMware Workspace One Access.

Not only does Okta cover all the major categories of features, but in many cases its implementation of a given feature is more efficient and offers the most options to choose from. For example, Okta offers customizable workflows that give you the tools to automate scenarios with an impressive level of flexibility. In addition, Okta’s integration options with mobile device management (MDM) solutions such as VMware Workspace One UEM, MobileIron, and Microsoft Intune are not only top of the class, but they are also easy to use.

Okta configuration

Setting up your directory to sync with Okta is simple: download and install the agent, log into your account, configure a few basic settings, and you’re ready to import users and groups. Okta offers the option of fully automating this process or requiring users to be imported and/or activated manually. Attribute management and mappings are also available for individual directories, as are basic preferences such as how to handle deactivation and changes to attributes (with the option to use your directory as a master or inherit modifications of other systems).

While other IDM solutions integrate with a few human resource (HR) systems, Okta’s positioning as an extensible platform is mature enough for the company to offer integration capabilities for BambooHR, UltiPro, SAP SuccessFactors, etc. Each of these can be configured as a registration system for individual attributes, which can then be routed to directories or applications based on your individual business needs.

Okta’s workflows offer tremendous flexibility in exchange for varying levels of effort, and they fall into a few different categories. You can configure automations to run on a schedule and perform certain actions when members of specified groups exceed an inactivity threshold or when a password expiration is due. Comprehensive workflows support a wide range of complexity and connectors that range from Google Workspace and Microsoft 365 apps to much more advanced services like those found in Amazon Web Services (AWS) or Microsoft Azure. Workflows can trigger based on events in Okta or events that occur in connected apps, and perform actions in Okta with advanced logic such as searches, string manipulation, and even connectivity to third-party APIs.

Applications and approvals

Most IDM suites offer some level of help setting up and enabling single sign-on in applications. Usually very basic instructions are provided on where to configure the SSO connection on the application side. This is by necessity a manual process, in fact a Herculean effort for any IDM considering the number of applications available in vendor application catalogs and the number of changes that can occur on the application side.

Okta does a better job than most at keeping these instructions up to date, generally making the implementation a matter of copy and paste rather than having to disassemble URL strings or navigate the app to find the required details. Okta also offers a number of additional options for individual apps, including a direct login link and the ability to use custom login or access error pages.

Okta rights and user permissions

A major factor in choosing an IDM platform is the flexibility of the solution. Not only are all businesses different in the way they manage identities and applications, each business may have different needs for different applications, and the requirements may change even more as organizations evolve.

A great example of Okta’s flexibility is the assignments in the app. You can easily assign users or groups directly to individual apps, or use a separate tool to assign multiple apps to multiple people at once. Each app can also be enabled for self-service, allowing users to search for the app and add it to their portal or request approval from one or more users or groups. Assignment reports (current assignments and recent assignment removals) can be run from an app’s settings page, allowing you to easily monitor access and ongoing changes.

In-depth policy management

Okta offers policies distributed in specific locations around the platform covering key areas such as applications, multi-factor authentication (MFA), and behavior detection. While not strictly a policy feature, integration with device management platforms is integral to determining the level of risk associated with a particular user action. Device Trust enables integration with a variety of tools used for device management, including the major MDM platforms mentioned above for Apple iOS and Google Android devices.

Okta Multi-Factor Authentication Enrollment

MFA is one of the most common reasons to use an IDM solution, and Okta offers a number of MFA factors and makes it easy to activate them. Additionally, you have the option to configure policies regarding factor enrollment, such as requiring executives to have an RSA token enrolled and standard users to have SMS or email enrolled, while optionally offering the use of authentication applications like Google Authenticator or Okta Verify (Okta’s mobile application MFA solution).

Okta behavior detection

Sign-in policies can be applied to individual applications to fine-tune the authentication requirements imposed before a user is granted access, including assessing whether a trusted device is being used or whether the authentication attempt exceeds a risk threshold based on past behavior. Login policies may prevent a user from fully authenticating or require an additional factor if certain conditions are met.

A good thing about Okta’s approach to behavior detection is that you can adjust the individual factors assessed for risk based on your needs. In some cases this is based on the specificity of the factor itself (for location-based factors, for example, you might not be concerned about an attempt to authenticate from a new city or a new state, but one from a new country may raise some flags). You also control the number of previous authentication attempts used to identify a usage pattern.

Prices and packages

Okta’s pricing structure is more complex than that of many competitors as it is largely a la carte. However, it is also quite competitive, although the company dictates a minimum contract of $1,500 per year, which means that very small businesses may need to look for a less expensive solution such as BIO-key PortalGuard.

Single Sign-On (SSO) features are available starting at $2 per month per user and include options such as basic MFA authentication, application access policies, and integration with an unlimited number of user directories (Active Directory and LDAP). To get behavior-based policies, you can upgrade to Adaptive Single Sign-On for $5 per month per user. Additional MFA factors can be acquired with the MFA add-on for an additional $3 per month per user, and the context-based MFA application is available with an adaptive MFA option for $6 per user per month.

Lifecycle management is offered in standard and advanced levels for $4 or $6 per user respectively. The former adds things like in-app provisioning, approval workflows, app access reports, and attribute management, while the advanced service offers full automation and workflows. For an additional $2 per month per user, an advanced lifecycle management mastery add-on supports the provision of identities from HR applications.

Okta is somewhat complex to purchase and configure, unless you’re an IT professional with some experience with IDM, but its array of features will satisfy virtually any scenario. That and its multitude of strong management tools overcome its higher price tag and earn Okta our Editors’ Choice award in this round of IDM tests.