There is room for Okta Customer Identity to improve by increasing the reliability for the server end, creating more directories, and focusing on internal users rather than external or contract-based ones. Additionally, extending idle session times from ten milliseconds to at least forty-five seconds would be beneficial. It is also suggested that patches be applied annually rather than quarterly.
Architect at a tech services company with 1-10 employees
Real User
Top 5
2024-05-02T20:48:39Z
May 2, 2024
Okta has a limitation with directory integrations. If you have multiple Active Directory integrations, the user distinguished name (DN) and the manager DN don't get imported properly into the Okta user profile. It has a property of Get AD user's property, but that has limitations when writing an expression language to import changes or updates to user DNs or manager DNs from AD, especially if you have AD master users. Also, Okta doesn't have a partial push. It pushes down the full profile schema for lifecycle management or provisioning. Even if only one attribute gets updated, even though it is unmapped, it can override other values in the downstream application by nullifying the query. That's the biggest flaw in my experience. The product releases a lot of brand-new features within the quarterly releases. There's a feature roadmap for Okta CIM, and most of it is coming in with a lot of users or the customer side.
The product must be provided for free. We cannot substantiate the cost with the features provided by the tool. Microsoft provides similar features for free. I don’t see any extra features in Okta.
There are areas for improvement. One thing that seems odd to me is the lack of a built-in way to export all user data. They have a solution available on GitHub that they basically endorse, and it's developed internally, but for some reason, it's not integrated into their product. So, that's a peculiar aspect. Instead, the support says they don't offer it but provide an alternative solution that we have to manage separately. So, it's a situation where they don't want to include it in their product, but they offer assistance outside of it? It's unclear what kind of support you would need for it. It just works. Another area of improvement is scalability.
What I'd like to see improved in Okta Customer Identity is the process of exporting users. Currently, it lacks this feature, and you have to use a third-party tool to export users from the group. Exporting users should be very easy, though I did notice that Okta Customer Identity is being upgraded from time to time, and I've been seeing much improvement in it compared to the previous years.
There is an access request system that is very limited access to the systems available for end-users. The access request should improve in Okta Customer Identity.
The solution works well. I can't speak to any areas of improvement. In the future, we'd like to see the product implement more security features, like, for example, zero-trust.
I would like to see the provisioning simplified. When it comes to certain tasks, such as where it is activated on-premises, Azure AD is simpler than Okta. SSO functionality needs better client support.
Senior Security Architect South Europe at a tech services company with 10,001+ employees
Real User
2019-11-07T10:35:00Z
Nov 7, 2019
This solution would be improved by adding more biometrics features. One example is Cyberside Biometrics. The technical support is good but needs to improve in their response time. In the next release, I would like to see biometrics, multi-factor authentication, and to rely more on the mobile or something different on CyberSide.
Okta Customer Identity is an identity service that enables frictionless experience, speed-to-market, centralized management, and internet-scale security. Okta Customer Identity is developer friendly and secure with minimal custom code.
There is room for Okta Customer Identity to improve by increasing the reliability for the server end, creating more directories, and focusing on internal users rather than external or contract-based ones. Additionally, extending idle session times from ten milliseconds to at least forty-five seconds would be beneficial. It is also suggested that patches be applied annually rather than quarterly.
Okta has a limitation with directory integrations. If you have multiple Active Directory integrations, the user distinguished name (DN) and the manager DN don't get imported properly into the Okta user profile. It has a property of Get AD user's property, but that has limitations when writing an expression language to import changes or updates to user DNs or manager DNs from AD, especially if you have AD master users. Also, Okta doesn't have a partial push. It pushes down the full profile schema for lifecycle management or provisioning. Even if only one attribute gets updated, even though it is unmapped, it can override other values in the downstream application by nullifying the query. That's the biggest flaw in my experience. The product releases a lot of brand-new features within the quarterly releases. There's a feature roadmap for Okta CIM, and most of it is coming in with a lot of users or the customer side.
The product must be provided for free. We cannot substantiate the cost with the features provided by the tool. Microsoft provides similar features for free. I don’t see any extra features in Okta.
We faced a bit of an issue integrating the product with some applications. The integration process takes a bit longer than we would want it to.
There are areas for improvement. One thing that seems odd to me is the lack of a built-in way to export all user data. They have a solution available on GitHub that they basically endorse, and it's developed internally, but for some reason, it's not integrated into their product. So, that's a peculiar aspect. Instead, the support says they don't offer it but provide an alternative solution that we have to manage separately. So, it's a situation where they don't want to include it in their product, but they offer assistance outside of it? It's unclear what kind of support you would need for it. It just works. Another area of improvement is scalability.
What I'd like to see improved in Okta Customer Identity is the process of exporting users. Currently, it lacks this feature, and you have to use a third-party tool to export users from the group. Exporting users should be very easy, though I did notice that Okta Customer Identity is being upgraded from time to time, and I've been seeing much improvement in it compared to the previous years.
There is an access request system that is very limited access to the systems available for end-users. The access request should improve in Okta Customer Identity.
The solution works well. I can't speak to any areas of improvement. In the future, we'd like to see the product implement more security features, like, for example, zero-trust.
The initial setup could be easier to do.
All of the governance functionality and privileged account management could be improved.
I would like to see the provisioning simplified. When it comes to certain tasks, such as where it is activated on-premises, Azure AD is simpler than Okta. SSO functionality needs better client support.
This solution would be improved by adding more biometrics features. One example is Cyberside Biometrics. The technical support is good but needs to improve in their response time. In the next release, I would like to see biometrics, multi-factor authentication, and to rely more on the mobile or something different on CyberSide.
The Identity Management part can be improved a bit.