Okta and Azure implementation question

Looking for research, links/opinions on Okta vs. Azure AD. What is it Okta can do or do better than Azure? Would you need Okta if you already have Azure implemented? Is it better for provisioning/de-provisioning accounts, apps? Better on doing SSO/MFA? Is Okta better than Azure?

Please advise if anyone has dealt with both. Thanks in advance!
Asked by: Tiras25

btan (Exec Consultant) commented:
It may not do justice to compare the two, as Azure AD is really just an SSO platform and user management system for Azure, and Okta is a web app SSO provider.

The overlap between the two is due to the fact that Azure AD, unlike AD, has built in web application SSO capabilities. In fact, Azure AD rivals strong web app SSO providers, like Okta, in the marketplace.

But I can understand the need for the comparison, as most see both as serving similar functions. Okta focuses on web app SSO, so it makes sense that IT admins would compare Azure AD and Okta, although Azure AD's services extend beyond SSO.

Let's start the comparison: Okta is a cloud solution, and Azure can still have a hybrid option with ADFS on premises, which requires additional upfront CapEx costs. Yes, Okta can integrate with on-premises AD.

As any IT admin may have thought through, running ADFS, which you are most likely doing, may simply not work if you are not running AD in your current IT environment. Starting fresh will suit Okta instead, although a lightweight Windows agent can be deployed to integrate with your AD without the need for dedicated servers or firewall changes, which can minimize your on-premises footprint. Okta uses a subscription model and costs $2 per user per month.

Some enterprises also don’t feel secure syncing user names and passwords up to a third-party company. On the other hand, some enterprises prefer not to be locked into a single vendor, either. Personal preferences also play a role in your decision.

In terms of an integrated solution, Azure has tools and services for on-premises AD to sync to the cloud, but it can be complicated, as each service requires individual configuration and integration with the Azure AD cloud service. If you do not have that experience, then it can be challenging. Okta is a vendor-neutral, cloud-based identity and access solution.

Next is the provision of identity as a service; one critical area is the integration of existing human capital management (HCM) systems. With Okta's Workday integration, the HR department can drive the entire employee lifecycle, onboarding and offboarding, and provide access to the apps and directories users need. Microsoft currently supports integration with Workday, while other HCM systems require custom integration using Microsoft Identity Manager and SQL servers.

Microsoft recommends deploying Office 365 with AD FS, Azure AD Connect, and Microsoft Identity Manager (MIM), a process that can take about 18-24 months. Okta supports all of these requirements out of the box, in 4 months. I know this sounds like a marketing pitch, but it is an area where you seldom have one marking an SLA benchmark publicly. Of course, such benchmarks are more applicable to medium and large organisations. Smaller ones would still be comparable.

With granular control of licensing, you have to manage it for Office 365. For example, you could assign Microsoft E3 licenses with only Exchange and Lync enabled for your Sales team, while your Support team gets an E3 license with SharePoint Online enabled. Okta will automate everything.

Another aspect is security; the key is flexibility and being adaptive. Microsoft offers a cloud-based solution for MFA; you would need to deploy their on-premises MFA server along with AD FS. It can be non-trivial. Also, you should look for one that provides strong authentication across all applications and supports more third-party MFA factors like U2F, YubiKey, Smart Cards, Google Authenticator and more. Okta requires no on-premises MFA servers, and can be easier to use for both administrators and end users. Multiple, inconsistent security policies can create a security risk for the business if the integration is done in haste.

Actually, I am thinking Microsoft customers can still choose Okta for identity because of its strong partnership and broad integration with Microsoft products. We should also look at which one fares well at integrating identities from any number of Active Directory domains and reduces the directory cleanup and reconciliation process.

There are many questions to ask the providers too. So do check with them too.
