Okta Workforce Identity Reviews

SSO and MFA: To extend Identity Authentication on the existing IAM identity and account operations to the multiple domains for administrative and help desk personnel. Improve consistency of the identity management processes across the organization and improve compliance with governance mandates.

The access management with Okta revolves around the establishment of a single authentication store (reducing the number of accounts), which will allow the migration of existing applications to federations, or a common identity store. It will also establish a suite of centralized authentication services that can be used for future applications and systems platforms.

• Enabled MFA to access federated applications as well as increased user satisfaction through improved provisioning times and more reliable processes. 
• Reduced costs associated with paying for AD accounts for customers who use corporate applications (currently 4000+ customer IDs exist within the AD forest – these require a license at a substantial cost to the organization). 
• Increased productivity through centralization of IAM Authentication - Authorization operations to a single tool (ISIM), and better operational resiliency with distributed administration (Common tasks can now be handled by a more diverse set of individuals across the organization.

SSO and MFA for improved end-user experience, and protection against password spray attacks, account password self-service. Extend Identity Authentication and authorization management operations. Extend the existing IAM identity and account operations to divisional administrative and help desk personnel. This improves the consistency of the identity management processes across the organization. Obfuscating the AD account infrastructure from the application infrastructure to reduce risk and vulnerabilities associated with tying externally facing applications to corporate accounts.

• Passwordless authentication. 
• Integration with the user provisioning infrastructure to track all entitlement changes; simplify the modeling of the role and access definitions at every stage of the user life cycle.  
• Automation of the entire entitlement and role review process, in alignment with business needs and requirements as stated by business leaders and managers. 
• Oversight in the form of dashboards reconciling and centralizing information for immediate insight into the status of access reviews and certification processes.

3 years.

They work really well.

I did not have another access management solution in place prior to implementing.

It was straightforward for access management with SSO and MFA. It was complex to implement password synchronization between AD domains.

We implemented directly with the solutions provider.

We evaluated IBM Access Manager but decided to go with a cloud-based product.

We use the product to manage access and identify several applications.

The product’s most valuable feature is multifactor authentication. It has an easier integration and configuration management process than Microsoft Entra ID. We can integrate it into different platforms.

An area for potential improvement in Okta lies in the absence of a dedicated feature for backing up the configuration of our tenants. It is challenging to obtain a comprehensive backup. We have to manually document all the configurations. They could provide a built-in tool for creating backups mitigating potential issues or crises.

We have been using Okta Workforce Identity for five years.

The technical support services are good. They respond to the queries immediately.

Positive

Compared with Okta Workforce Identity, Microsoft Entra ID is challenging to use in terms of integration and troubleshooting.

The initial setup is simple. I rate the process an eight out of ten. It takes a few weeks to complete the integration for different projects. It is a reasonable time.

The deployment team includes administrators for the applications, as they are responsible for configuring integrations from their side. The administrator plays a crucial role in integrating the Active Directory. The project may require a collaborative effort of approximately three to five individuals. It requires two engineers for maintenance.

The single sign-on (SSO) capability in Okta has significantly streamlined the user experience. It provides an ease of accessing applications. The subsequent access to other applications within the same browser is automatic, eliminating the need to initiate the multi-factor authentication (MFA) process repeatedly. We can define trusted sources and policies depending on the security requirements.

The centralized approach to managing everything from a central point has streamlined administrative tasks, eliminating the need to navigate through different systems for user and role management. It is one of the best solutions. We find a lot of information on their support website.

The overall reliability is commendable, as the platform strategically replicates its systems across various clouds, minimizing the likelihood of service disruptions. Over the past five years, we have not encountered any problems with the service.

I rate it a nine out of ten.

I am just an end user of the product, so I don't know how the product is used in remote force management in our company. I use the product to help me log on to our company's security systems.

When I was traveling, I could get my OTPs through the tool's app, through my cell phone number or via an SMS,which makes it a flexible product. The tool is helpful even in areas involving emails. It is possible to use the product in another country and add an extra layer of security to it, proving that it can be a really secure platform.

I use the tool at a low level, so it does what I need it to do for me.

The product does not offer enough integration capabilities. I want the tool to provide more integration capabilities in the future.

I have been using Okta Workforce Identity for two years.

Stability-wise, I rate the solution a ten out of ten.

It is an easily scalable solution. When it comes to the scalability features, the product has many options for people in different countries, offices, and remote locations.

I believe that there are around 1,500 users of the tool in my company.

I did contact the product's support team when my password got locked out. I could even reset the whole password from Okta easily through the tool's internal app. The support team was good.

The product's initial setup phase is straightforward.

The solution is deployed on the cloud since it is used at a company-wide level in South Africa.

Though I am not sure, I feel that during the implementation phase, my company did seek the help of a consultant and our organization's in-house team.

In terms of benefits offered by the product, I can say that the tool has centralized our company's security and internal policies while ensuring that we stay compliant so that the users stay protected. With the product in place, no phishing attacks or any other types of attacks can cause a problem since it is a secure platform.

Though I don't know about the licensing model of the product, I wouldn't be surprised if Okta offers a per user license subscription model.

The employee onboarding process is okay if you use Okta Workforce Identity.

The SSO feature offered by the product is good, easy to use, and user-friendly. The tool also has a password manager as well.

The tool's MFA part comes as one of the strongest features of the product.

I feel that it is a good platform with a good security layer, especially when you are scaling out your business, and you have to manage a lot of areas.

I ate the tool a ten out of ten.

Our organization only uses Okta for single sign-on. Everybody is working from home, so we need a multi-factor authentication solution for remote users. We have around 70,000 users. 

Okta integrates well with other solutions. Once you have integrated an application into Okta and onboarded a user, they will be onboarded for just-in-time provisioning. 

The error logging could be improved. Okta doesn't provide enough details when you are troubleshooting an issue. It's often difficult to fix it from our end, so we always need additional support from Okta.

I have worked with Okta for two years.

I rate Okta six out of 10 for stability. We don't see many bugs, but the product doesn't support some of our custom requirements. We have to submit feature requests that they implement later. 

I rate Okta six out of 10 for scalability. In January, they were doing something on their side, and a cell was down. The US was completely down, and most users had problems logging into. Okta confirmed that auto-scaling was not happening properly from their end.

I rate Okta support eight out of 10. 

Positive

The company used RSA before I joined. I believe they switched because they preferred a SaaS platform, and RSA was late to adopt this model. RSA is excellent as an on-prem solution, but they didn't transition to the cloud until later. 

I rate Okta eight out of 10 for ease of setup. It's a SaaS product. You can configure it in a few hours. It takes additional time if you use on-prem agents. Active Directory has some other agents that must be integrated. It will take additional time. Otherwise, it won't take much time. You need three people at most to deploy it. Usually, one person deploys the solution, and two other people are on standby. 

I rate Okta Workforce Identity eight out of 10. 

We've been using this solution for SSO and consolidation of IDs.

This solution brought us the SSO perspective, and this is the main reason we're using it.

The only thing I like about Okta Workforce Identity compared to other solutions in the market is that it's an easy resource that you can get, even if you're working with many users, but there is a lot to learn about it.

There are many things that Okta has to improve on. I understand that Okta has a lot of apps, like any other provider, e.g. Microsoft apps, IDP apps, or cloud identity apps.

The problem with Okta is that they create the app and they never update. In this fast-paced industry where versions keep getting updated, Okta is really slow at times.

None of the Okta applications that they create, for example, in my case: I have used the cloud identity of Microsoft apps and now I'm using the off tabs. What I found is none of the single Okta apps that we have worked and did not create an issue. They are not fully mature. So it's that aspect that can be improved, which Okta is investigating. Their application support and not having updates for those applications also need to be improved. These are the things that surprised me and I was not able to understand from Okta.

Okta's customer support should be improved.

Okta should work with certain providers, e.g. the Google cloud, the AWS cloud, the Microsoft cloud, and they should evaluate the integration point because what happens is if your organization has SSO which relies on Okta, all of these three clouds and the Okta app are far from perfect. You are not able to get the right setup based on how your security is trying to define it vs what the application can support. You'll end up using the default interface Okta provides with those apps.

I understand Okta could say that if they shouldn't worry about it because if AWS wanted to support Okta, then AWS should be the one providing us the app and support, but Okta should try to understand the users, do surveys from the different automation using Okta, and use different apps because those apps are very critical. They are far from perfect, so Okta has the worst implementation.

I've used this solution in the last 12 months. We've been using it for six years.

This solution is stable and reliable. We didn't find the solution itself hard to use.

The scalability of this solution is bad. Scalability has two or three different meanings to it.

Is it scalable from the infrastructure side of it? The answer is yes.

Is this scalable from the business perspective? The answer is no. For example, the B2B and the B2C solutions that others provide, those aspects in Okta are completely lacking.

For example, if I have the Microsoft Azure Active Directory, I have the B2C, B2B, and the phase rate, so I have a way to not only support my enterprise but my end customers in a very fast manner. In the case of Okta, that whole path is a nightmare to work with.

I didn't like Okta's support. They say they have very good support, but the moment you create a ticket, they will tell you that they provide the app, but they cannot provide support because we connected the app to another environment, or to another side of the spectrum. This seemed very odd to me.

First, we are using the application you specified, then you say you cannot support this application just because the value provided is outside of this application, so you cannot troubleshoot or help us to troubleshoot if we open a ticket. Every single time it's a chicken and egg type of situation. From that perspective, Okta's support is horrible.

The setup was straightforward. Nowadays, all the other IDPs are the same way, too. I didn't find a single IDP that had no experience at the level, and all of them can stand up at the same time, within the same time frame.

With Okta, on the other hand, the requirement to have the ID server in between, whether it's the cloud-based ID server specified, or the on-prem base, like ours: It's on-prem, but what I found was that we were not able to do it even after following all the guidance unless we had a dedicated Okta person to help us do it. It was a different situation with Microsoft and cloud IDP which were easy to set up, as we were able to do it ourselves just by following the documentation.

We implemented the solution through an integrator consultant. They are fine. They are doing the job on a daily basis.

This solution is costly.

With Microsoft, you get the exact same information that Okta gives out of the box: free, because that's what Microsoft does, and even if I compare to other cloud IDPs, with Okta, access may offer free access for startups, and if you have fewer users, it's okay. Pricing is decent. The moment you talk about the enterprise level, for example, we were talking about implementing Okta across the US with multiple customers, and the cost they gave us was two million dollars. The cost is not justified for the single assets of this solution, so Okta is bad in those terms.

We've been evaluating Microsoft Azure Active Directory. It's still in the POC phase, and it's been three or four months. We have very particular requirements, e.g. a mix of multiple IDPs with Okta, and Azure Active Directory is one of them, but that is the only one where we don't have the solution. We are trying to do the POCs first to ensure that they are able to meet our needs.

The reports I downloaded were very informative. The things that we were trying to do is generally the One ID and software entitlement. Our customers find them more useful than the Microsoft Azure side of it. They know that the functionality exists and they are able to use that functionality, but the intuitive nature of managing the entitlement was not there. We also had a requirement where we wanted to mix the Okta in between, for the SSO, so I was trying to collect as much information as I can get and that information was helpful.

Whenever you search for the Okta documentation, for example, if we search for cloud IDP and Microsoft-related documentation, it's only on Microsoft's site we get the help we need, including help from the community. Okta's community, when you Google it, is lacking because it only contains help or information about Okta products because Okta users are only able to use the product in a standard way.

This surprised me especially because Okta has such a good name, but the bottom line is, if you ask me as a decision-maker or the one who influences decisions in our organization, if I was going to choose Okta as our SSO provider, my answer will be flat NO.

The initial implementation of this solution took three months. It's a very simple and standard implementation, so that's never been a problem.

A hundred users are currently using this solution in our organization. It doesn't require heavy maintenance.

Working with Okta can be restrictive, and this is where Okta doesn't shine.

This solution is being used extensively in our organization. Increasing its usage will depend on whether they are able to convince the Infotech folks, and that's what's happening.

The advice I would give to others looking into implementing this solution is for them to first try to understand it. They should not confine themselves to selecting Okta, thinking that it's the end solution. They should look at their future needs too because once they implement Okta without considering their future needs, they will have to do a lot of hacks and tricks. Before they even delve into Okta, they have to first think about their future and how much this solution will cost in the long run.

This solution meets the need, but that's all, so I'm rating it a six out of ten.

We are primarily trying to uncover the differences between this product and JumpCloud. 

Okta has its own Active Directory, which is the main core of your identity and from Okta, you can easily reply to other services, like Google Workspace. You can synchronize everything.

It is very easy to implement. We just followed the documentation and followed the steps to connect to our services. They have all of these recommendations in place. If you follow the process, it's very straightforward. 

The synchronization of services is very easy. 

It offers very helpful support. The technical team is very helpful. 

It is scalable.

The solution is always very stable and reliable. 

I'm not sure what areas need improvement. They are at the top in terms of identity management. I can't find any shortcomings. 

We don't need any additional features as it covers more than our needs. It's a massive tool. 

The solution is very expensive.

We have tried a 30-day trial and implemented in our lab.

The stability is great. I'd rate it eight out of ten. There are no bugs or glitches. It doesn't crash or freeze. 

We have temporary accounts right now. We have six or eight accounts and the same number of devices. 

The scalability is pretty good. I'd rate it eight out of ten. It can expand. 

Technical support is excellent. They are helpful and responsive.

Positive

I've also used JumpCloud and have started to compare these two solutions. 

The initial setup is complex. However, you have all of the documentation and if you follow the directions, you can manage the setup well. It will be done correctly. Also, if you need help, their support is also available, and they are quite helpful. 

We had two people handling the deployment. 

It might take a lot of time to achieve an ROI. However, it simplifies a lot of duties. Likely, you'd see a return in the future. 

We are using the 30-day free trial.

The solution is expensive. I'd rate it one out of ten in terms of affordability. 

I cannot recall the version we were using. However, my understanding is that the trial version is the same as the full solution. 

You do have to follow the documentation for your specific case. Okta is a massive tool. It covers a lot of use cases and likely will cover more of the company's actual needs. It's a good idea to be specific about your needs.

I'd rate the solution ten out of ten. 

My primary use case is to have a single sign-on and to have identity access management. I'm the team management manager and we are customers of Okta. 

Having a single sign-on to all our applications.

With the device applications, when you are checking the logs, you can't hide the device and that's a feature that's missing. I'd like to see MDM source added. 

I have used this solution for a year. 

The solution is good on scalability and stability. 

The company has very good tehnical support and they respond quickly. 

The initial setup wasn't so easy but it wasn't too complex either. We had assistance from Okta for the installation. Implementation didn't take long, maybe two or three days but we had some issues with some applications, and we had to postpone our deployment for about two months because of that. There's no maintenance required. We have about 300 users dealing with the solution in the company and it's used daily. We have no plans to increase usage for now.

I think the approximate cost for the license is somewhere between $20,000-$21,000 a year and that includes everything. 

I think this is a good solution, I would recommend it. 

I would rate this solution an eight out of 10. 

We use the solution for our single sign-on applications. It resolves password issues.

We use it for authentication and 90% of our SaaS app. 

We use it for on and off-boarding users. It syncs with our on-premises master directory to set them up and take them off.

We like that the solution helps us to streamline multifactor authentication.

It's got great SSO and good provisioning and de-provisioning. 

The product is easy to set up. 

It is stable.

The solution can scale very well.

I've been pleased with its capabilities overall. 

Support could be a bit faster.

I've used the solution for five years. 

The solution is stable. I'd rate its reliability ten out of ten. 

It's extremely scalable. It'd rate the solution's ease of expansion ten out of ten. 

We have 1500 users on the solution currently.

Support is good. However, sometimes it takes them a bit longer to deal with issues. 

Positive

We previously used a different solution. We moved to Okta as the GUI is very user-friendly, and the solution is simple to use. 

The initial setup is very easy. It's not complex. 

The deployment took a matter of three to four days for our hybrid setup.

K+Okta's team helped us deploy the solution. They made it very easy.

We have gotten an ROI in terms of time savings. We've seen 20% to 30% ROI, as it is saving us a lot of time. 

The pricing is a bit expensive. I'd rate it four out of ten in terms of affordability. It's a bit more expensive than our older solution.  

Okta charges per user, and that can make it costly if you are a big company.

We are customers and end-users. 

I'm using the latest version of the solution. 

I'd rate the solution eight out of ten. The pricing is a bit high, and they do charge per user. There are other options that are a bit less expensive.