Okta and Azure implementation question

Tiras25
Looking for research, links/opinions on Okta vs. Azure AD.
What is it Okta can do, or do better, than Azure? Would you need Okta if you already have Azure implemented?
Is it better for provisioning/de-provisioning accounts, apps? Better on doing SSO/MFA? Is Okta better than Azure?

Please advise if anyone has dealt with both. Thanks in advance!

Exec Consultant
Distinguished Expert 2018
Commented:
It may not be doing justice to compare the two, as Azure AD is really just an SSO platform and user management system for Azure and Okta is a web app SSO provider.

The overlap between the two is due to the fact that Azure AD, unlike AD, has built-in web application SSO capabilities. In fact, Azure AD rivals strong web app SSO providers, like Okta, in the marketplace.

But I can understand the comparison need, as most see both serve similar functions. Okta focuses on web app SSO, so it makes sense that IT admins would compare Azure AD and Okta, although Azure AD's services extend beyond SSO.

Let's start the comparison: Okta is a cloud solution, and Azure can still have a hybrid option with ADFS on premises, which requires additional upfront CapEx costs. Yes, Okta can integrate with on-premises AD.

As any IT admin may have thought through, running ADFS, which you are most likely doing, may simply not work if you are not running AD in your current IT environment. Starting fresh will suit Okta instead, although a lightweight Windows agent can be deployed to integrate with your AD without the need for dedicated servers or firewall changes, which can minimize your on-premises footprint. Okta uses a subscription model and costs $2 per user per month.

Some enterprises also don’t feel secure syncing user names and passwords up to a third-party company. On the other hand, some enterprises prefer not to be locked into a single vendor, either. Personal preferences also play a role in your decision.

In terms of an integrated solution, Azure has tools and services for on-premises AD to sync to the cloud, but it can be complicated, as each service requires individual configuration and integration with the Azure AD cloud service. If you do not have that experience, then it can be challenging. Okta is a vendor-neutral, cloud-based identity and access solution.

Next is the provision of identity as a service; one critical area is the integration of existing human capital management (HCM) systems. With Okta’s Workday integration, the HR department can drive the entire employee lifecycle, onboarding and offboarding, and provide access to the apps and directories users need. Microsoft currently supports integration with Workday, while other HCM systems require custom integration using Microsoft Identity Manager and SQL servers.

Microsoft recommends deploying Office 365 with AD FS, Azure AD Connect, and Microsoft Identity Manager (MIM), a process that can take about 18-24 months. Okta supports all of these requirements out of the box, in 4 months. I know this sounds like a marketing pitch, but it is an area where you seldom have one to mark an SLA benchmark publicly. Of course, such benchmarks are more applicable to medium and large organisations. Smaller ones would still be comparable.

With granular control of licensing, you have to manage it for Office 365. For example, you could assign Microsoft E3 licenses with only Exchange and Lync enabled for your Sales team, while your Support team gets an E3 license with SharePoint Online enabled. Okta will automate everything.

Another aspect is security; the key is flexibility and being adaptive. Microsoft offers a cloud-based solution for MFA; you would need to deploy their on-premises MFA server along with AD FS. This can be non-trivial. Also, you should look for one that provides strong authentication across all applications and supports more third-party MFA factors like U2F, YubiKey, Smart Cards, Google Authenticator and more. Okta requires no on-premises MFA servers, and can be easier to use for both administrators and end users. Multiple, inconsistent security policies can create a security risk for the business if the integration is done in haste.

Actually, I am thinking Microsoft customers can still choose Okta for identity because of its strong partnership and broad integration with Microsoft products. We should also look at which can fare well at integrating identities from any number of Active Directory domains and reducing the directory cleanup and reconciliation process.

There are many questions to ask the providers too, so do check with them as well.
