Okta Workforce Identity Reviews

We use Okta Workforce Identity for single sign-on (SSO).

One of the most beneficial features of the solution is the user provisioning and the de-provisioning feature. With the solution's universal directory, you can have all the user attribute information in one place. You can store it on Okta instead of in multiple places like your AD, applications, or different IdPs. You can get all the user attribute data onto your Okta, and then you can customize it. Okta allows you to modify the user attributes, which is also one of the useful features of Okta Workforce Identity.

Because it's a password-less authentication for personal sign-on, users don't need to use a password for it. That's how Okta comes into the picture, where it identifies the user based on the certificates for authentication. In that way, it also doesn't reveal the user identity to the applications if there is a man-in-the-middle (MITM) attack.

Okta Workforce Identity uses the System for Cross-domain Identity Management (SCIM) protocol for provisioning and de-provisioning. That is also one of the benefits of having your application's functionality on a platform like Okta Workforce Identity. It's easy from an admin point of view because when you de-provision a user on Okta, it will remove all the access from the respective applications without needing anything at the application level.

Because it's a cloud-based platform, installing the agents is the only integration you need to do in your current environment. You can have their agents installed on your Active Directory servers.

The integration is quite easy for other cloud applications. They have their own catalog of all the applications you can search and integrate. Applications like Microsoft Office 365 and Salesforce are already hosted on Okta. It's just a matter of configuring the applications with your company's metadata into your applications.

The solution's user interface needs to be improved and made easy. It has a lot of repetitive things. The solution should have a single pane of interface for admins.

I have been using Okta Workforce Identity for six months.

I rate Okta Workforce Identity an eight out of ten for stability.

Since it's a cloud-based platform, I haven't faced any scalability issues with Okta Workforce Identity. Our clients for Okta Workforce Identity are enterprise businesses.

I rate the solution an eight out of ten for scalability.

The solution's technical support depends on the service level. Okta has certain packages, like gold or silver levels. If you have a silver-level agreement with Okta, you can get the right support at the right time.

Neutral

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup an eight out of ten.

Okta Workforce Identity is one of the market's leading and stable identity solutions.

Overall, I rate the solution an eight out of ten.

We use the solution to give access to the server. It verifies and allows users to access the server.

The product is easy to use. I just have to click on the Okta app on my mobile. The verification takes two seconds. We need to verify once we start the software because we use single sign-on.

The stability could be better.

I have been using the solution since April. I am using the latest version of the solution.

I rate the tool’s stability an eight or a nine out of ten.

Around 2000 to 3000 people use the product in our organization.

The deployment was done in-house.

I would recommend the product to others. It is a good solution. Overall, I rate the tool an eight out of ten.

We are primarily trying to uncover the differences between this product and JumpCloud. 

Okta has its own Active Directory, which is the main core of your identity and from Okta, you can easily reply to other services, like Google Workspace. You can synchronize everything.

It is very easy to implement. We just followed the documentation and followed the steps to connect to our services. They have all of these recommendations in place. If you follow the process, it's very straightforward. 

The synchronization of services is very easy. 

It offers very helpful support. The technical team is very helpful. 

It is scalable.

The solution is always very stable and reliable. 

I'm not sure what areas need improvement. They are at the top in terms of identity management. I can't find any shortcomings. 

We don't need any additional features as it covers more than our needs. It's a massive tool. 

The solution is very expensive.

We have tried a 30-day trial and implemented in our lab.

The stability is great. I'd rate it eight out of ten. There are no bugs or glitches. It doesn't crash or freeze. 

We have temporary accounts right now. We have six or eight accounts and the same number of devices. 

The scalability is pretty good. I'd rate it eight out of ten. It can expand. 

Technical support is excellent. They are helpful and responsive.

Positive

I've also used JumpCloud and have started to compare these two solutions. 

The initial setup is complex. However, you have all of the documentation and if you follow the directions, you can manage the setup well. It will be done correctly. Also, if you need help, their support is also available, and they are quite helpful. 

We had two people handling the deployment. 

It might take a lot of time to achieve an ROI. However, it simplifies a lot of duties. Likely, you'd see a return in the future. 

We are using the 30-day free trial.

The solution is expensive. I'd rate it one out of ten in terms of affordability. 

I cannot recall the version we were using. However, my understanding is that the trial version is the same as the full solution. 

You do have to follow the documentation for your specific case. Okta is a massive tool. It covers a lot of use cases and likely will cover more of the company's actual needs. It's a good idea to be specific about your needs.

I'd rate the solution ten out of ten. 

SSO and MFA: To extend Identity Authentication on the existing IAM identity and account operations to the multiple domains for administrative and help desk personnel. Improve consistency of the identity management processes across the organization and improve compliance with governance mandates.

The access management with Okta revolves around the establishment of a single authentication store (reducing the number of accounts), which will allow the migration of existing applications to federations, or a common identity store. It will also establish a suite of centralized authentication services that can be used for future applications and systems platforms.

• Enabled MFA to access federated applications as well as increased user satisfaction through improved provisioning times and more reliable processes. 
• Reduced costs associated with paying for AD accounts for customers who use corporate applications (currently 4000+ customer IDs exist within the AD forest – these require a license at a substantial cost to the organization). 
• Increased productivity through centralization of IAM Authentication - Authorization operations to a single tool (ISIM), and better operational resiliency with distributed administration (Common tasks can now be handled by a more diverse set of individuals across the organization.

SSO and MFA for improved end-user experience, and protection against password spray attacks, account password self-service. Extend Identity Authentication and authorization management operations. Extend the existing IAM identity and account operations to divisional administrative and help desk personnel. This improves the consistency of the identity management processes across the organization. Obfuscating the AD account infrastructure from the application infrastructure to reduce risk and vulnerabilities associated with tying externally facing applications to corporate accounts.

• Passwordless authentication. 
• Integration with the user provisioning infrastructure to track all entitlement changes; simplify the modeling of the role and access definitions at every stage of the user life cycle.  
• Automation of the entire entitlement and role review process, in alignment with business needs and requirements as stated by business leaders and managers. 
• Oversight in the form of dashboards reconciling and centralizing information for immediate insight into the status of access reviews and certification processes.

3 years.

They work really well.

I did not have another access management solution in place prior to implementing.

It was straightforward for access management with SSO and MFA. It was complex to implement password synchronization between AD domains.

We implemented directly with the solutions provider.

We evaluated IBM Access Manager but decided to go with a cloud-based product.

Our organization only uses Okta for single sign-on. Everybody is working from home, so we need a multi-factor authentication solution for remote users. We have around 70,000 users. 

Okta integrates well with other solutions. Once you have integrated an application into Okta and onboarded a user, they will be onboarded for just-in-time provisioning. 

The error logging could be improved. Okta doesn't provide enough details when you are troubleshooting an issue. It's often difficult to fix it from our end, so we always need additional support from Okta.

I have worked with Okta for two years.

I rate Okta six out of 10 for stability. We don't see many bugs, but the product doesn't support some of our custom requirements. We have to submit feature requests that they implement later. 

I rate Okta six out of 10 for scalability. In January, they were doing something on their side, and a cell was down. The US was completely down, and most users had problems logging into. Okta confirmed that auto-scaling was not happening properly from their end.

I rate Okta support eight out of 10. 

Positive

The company used RSA before I joined. I believe they switched because they preferred a SaaS platform, and RSA was late to adopt this model. RSA is excellent as an on-prem solution, but they didn't transition to the cloud until later. 

I rate Okta eight out of 10 for ease of setup. It's a SaaS product. You can configure it in a few hours. It takes additional time if you use on-prem agents. Active Directory has some other agents that must be integrated. It will take additional time. Otherwise, it won't take much time. You need three people at most to deploy it. Usually, one person deploys the solution, and two other people are on standby. 

I rate Okta Workforce Identity eight out of 10. 

We've been using this solution for SSO and consolidation of IDs.

This solution brought us the SSO perspective, and this is the main reason we're using it.

The only thing I like about Okta Workforce Identity compared to other solutions in the market is that it's an easy resource that you can get, even if you're working with many users, but there is a lot to learn about it.

There are many things that Okta has to improve on. I understand that Okta has a lot of apps, like any other provider, e.g. Microsoft apps, IDP apps, or cloud identity apps.

The problem with Okta is that they create the app and they never update. In this fast-paced industry where versions keep getting updated, Okta is really slow at times.

None of the Okta applications that they create, for example, in my case: I have used the cloud identity of Microsoft apps and now I'm using the off tabs. What I found is none of the single Okta apps that we have worked and did not create an issue. They are not fully mature. So it's that aspect that can be improved, which Okta is investigating. Their application support and not having updates for those applications also need to be improved. These are the things that surprised me and I was not able to understand from Okta.

Okta's customer support should be improved.

Okta should work with certain providers, e.g. the Google cloud, the AWS cloud, the Microsoft cloud, and they should evaluate the integration point because what happens is if your organization has SSO which relies on Okta, all of these three clouds and the Okta app are far from perfect. You are not able to get the right setup based on how your security is trying to define it vs what the application can support. You'll end up using the default interface Okta provides with those apps.

I understand Okta could say that if they shouldn't worry about it because if AWS wanted to support Okta, then AWS should be the one providing us the app and support, but Okta should try to understand the users, do surveys from the different automation using Okta, and use different apps because those apps are very critical. They are far from perfect, so Okta has the worst implementation.

I've used this solution in the last 12 months. We've been using it for six years.

This solution is stable and reliable. We didn't find the solution itself hard to use.

The scalability of this solution is bad. Scalability has two or three different meanings to it.

Is it scalable from the infrastructure side of it? The answer is yes.

Is this scalable from the business perspective? The answer is no. For example, the B2B and the B2C solutions that others provide, those aspects in Okta are completely lacking.

For example, if I have the Microsoft Azure Active Directory, I have the B2C, B2B, and the phase rate, so I have a way to not only support my enterprise but my end customers in a very fast manner. In the case of Okta, that whole path is a nightmare to work with.

I didn't like Okta's support. They say they have very good support, but the moment you create a ticket, they will tell you that they provide the app, but they cannot provide support because we connected the app to another environment, or to another side of the spectrum. This seemed very odd to me.

First, we are using the application you specified, then you say you cannot support this application just because the value provided is outside of this application, so you cannot troubleshoot or help us to troubleshoot if we open a ticket. Every single time it's a chicken and egg type of situation. From that perspective, Okta's support is horrible.

The setup was straightforward. Nowadays, all the other IDPs are the same way, too. I didn't find a single IDP that had no experience at the level, and all of them can stand up at the same time, within the same time frame.

With Okta, on the other hand, the requirement to have the ID server in between, whether it's the cloud-based ID server specified, or the on-prem base, like ours: It's on-prem, but what I found was that we were not able to do it even after following all the guidance unless we had a dedicated Okta person to help us do it. It was a different situation with Microsoft and cloud IDP which were easy to set up, as we were able to do it ourselves just by following the documentation.

We implemented the solution through an integrator consultant. They are fine. They are doing the job on a daily basis.

This solution is costly.

With Microsoft, you get the exact same information that Okta gives out of the box: free, because that's what Microsoft does, and even if I compare to other cloud IDPs, with Okta, access may offer free access for startups, and if you have fewer users, it's okay. Pricing is decent. The moment you talk about the enterprise level, for example, we were talking about implementing Okta across the US with multiple customers, and the cost they gave us was two million dollars. The cost is not justified for the single assets of this solution, so Okta is bad in those terms.

We've been evaluating Microsoft Azure Active Directory. It's still in the POC phase, and it's been three or four months. We have very particular requirements, e.g. a mix of multiple IDPs with Okta, and Azure Active Directory is one of them, but that is the only one where we don't have the solution. We are trying to do the POCs first to ensure that they are able to meet our needs.

The reports I downloaded were very informative. The things that we were trying to do is generally the One ID and software entitlement. Our customers find them more useful than the Microsoft Azure side of it. They know that the functionality exists and they are able to use that functionality, but the intuitive nature of managing the entitlement was not there. We also had a requirement where we wanted to mix the Okta in between, for the SSO, so I was trying to collect as much information as I can get and that information was helpful.

Whenever you search for the Okta documentation, for example, if we search for cloud IDP and Microsoft-related documentation, it's only on Microsoft's site we get the help we need, including help from the community. Okta's community, when you Google it, is lacking because it only contains help or information about Okta products because Okta users are only able to use the product in a standard way.

This surprised me especially because Okta has such a good name, but the bottom line is, if you ask me as a decision-maker or the one who influences decisions in our organization, if I was going to choose Okta as our SSO provider, my answer will be flat NO.

The initial implementation of this solution took three months. It's a very simple and standard implementation, so that's never been a problem.

A hundred users are currently using this solution in our organization. It doesn't require heavy maintenance.

Working with Okta can be restrictive, and this is where Okta doesn't shine.

This solution is being used extensively in our organization. Increasing its usage will depend on whether they are able to convince the Infotech folks, and that's what's happening.

The advice I would give to others looking into implementing this solution is for them to first try to understand it. They should not confine themselves to selecting Okta, thinking that it's the end solution. They should look at their future needs too because once they implement Okta without considering their future needs, they will have to do a lot of hacks and tricks. Before they even delve into Okta, they have to first think about their future and how much this solution will cost in the long run.

This solution meets the need, but that's all, so I'm rating it a six out of ten.

My primary use case is to have a single sign-on and to have identity access management. I'm the team management manager and we are customers of Okta. 

Having a single sign-on to all our applications.

With the device applications, when you are checking the logs, you can't hide the device and that's a feature that's missing. I'd like to see MDM source added. 

I have used this solution for a year. 

The solution is good on scalability and stability. 

The company has very good tehnical support and they respond quickly. 

The initial setup wasn't so easy but it wasn't too complex either. We had assistance from Okta for the installation. Implementation didn't take long, maybe two or three days but we had some issues with some applications, and we had to postpone our deployment for about two months because of that. There's no maintenance required. We have about 300 users dealing with the solution in the company and it's used daily. We have no plans to increase usage for now.

I think the approximate cost for the license is somewhere between $20,000-$21,000 a year and that includes everything. 

I think this is a good solution, I would recommend it. 

I would rate this solution an eight out of 10. 

Okta has recently built Okta Identity Engine (OIE). It has a lot more capabilities than the classic engines. The certificate-based system is one thing, and third-party tools like Intune and Jamf for iOS devices. There is a trust relationship between these device management tools, and that contributes to control over the end-user devices.

Scalacity was a company acquired by Okta, and its technology was integrated into Okta's Advanced Server Access (ASA) product.

Okta has introduced the Universal Directory. It has custom attribute capability and user permissions to read/write on their profiles or hide them. Profile sources and identity profile sourcing are two different components that I haven't seen in other products.

Okta can import many attributes into the Okta profile and send attributes from the engines. Multiple sources of truths and profile inheritance are done in granular ways. This plays a major role in ABACs going forward.

Okta's MFA features are good. Okta is looking forward with more on the push or less, relying on the Okta Verify factors. It also has extensive capabilities. It's adopting a layer-by-layer upgrade in developing the policies, like MFAs.

Okta has more when it comes to the policy level. It has distinctive features where you can do a mix and combination to have users access applications for various business cases. That's something unique and a selling feature.

Okta has a limitation with directory integrations. If you have multiple Active Directory integrations, the user distinguished name (DN) and the manager DN don't get imported properly into the Okta user profile. It has a property of Get AD user's property, but that has limitations when writing an expression language to import changes or updates to user DNs or manager DNs from AD, especially if you have AD master users.

Also, Okta doesn't have a partial push. It pushes down the full profile schema for lifecycle management or provisioning. Even if only one attribute gets updated, even though it is unmapped, it can override other values in the downstream application by nullifying the query. That's the biggest flaw in my experience.

The product releases a lot of brand-new features within the quarterly releases.

It's definitely the leading Identity Access Management cloud platform. I have experience with Okta for almost six to eight years now.

I've been an Okta-certified consultant since last year. I got an opportunity to work on the workforce as well as the customer side.

I have experience with more than eight Okta tenants parallelly due to various business cases across my career. Ultimately, this product itself is a pioneer in Identity Access Management.

Scalability works very well. I've worked so far with Okta. It's like the heartbeat of that company. If Okta goes down, people are unable to authenticate anywhere. They can't get into applications. So there's a lot of dependency on Okta within the businesses and environments that I've seen so far. It's very critical.

The customer service and support are awesome. They have a CSM assigned for each organization, and they are pretty much responsive to any events that occur. Or if there are any escalations or incidents that impact the business, they're pretty much around in a timely fashion to support the organization.

We have the flexibility with our CSMs to reach them in any manner, email or phone, and they're available most of the time.

Positive

We have long relationships with other vendors for things like Identity Governance and Privileged Access Management. But one thing I've noticed is that Okta has been expanding into wider ranges. 

But, there are limits and restrictions to the existing features, which are not fully developed yet. Okta have added a lot of tech in the last couple of years.

I'm not a hundred percent sure about the return of interest because it is very much dependent on the size of the organization.

I came from smaller organizations working, like, midscale to, like, large scale. So overall, like, the security breach, like, there are, like, two to three security breaches that have happened, but nothing has been damaged so far for the organization.

So, investing more in Identity access management is a critical investment for any operation as applications are moving to like cloud and SaaS-based. So, there is a dire need to protect the digital identities of enterprise tech employees as well as their customers.

There are a lot of features you can automate. Okta Workflows is a key feature that has a separate pricing than adaptive MFA or SSO. It's a combination, but Okta has features and capabilities to reduce the IT burden. Within my experience, it's been helpful so far with a lot of overhead work that comes with onboarding and offboarding.

The pricing itself is a bit more expensive than the other products in the market so far. Since I know the product is in full demand. But, again, the price texture, features, and everything suits well for small to medium.

But, for larger organizations, it's more expensive than the other platforms. But, usually, licensing is a bit expensive.

I definitely recommend Okta. It has all the features you can utilize to protect any organization's digital entities. Considering a lot of other factors, like cost and the overall features the company wants to use. If you want to use Identity Governance, Identity Access Management, or Privileged Access Management, that's a different story. It's also a different story if you're using other products for different needs.

Overall, I would rate the solution an eight out of ten.