Brief product summary

Okta brands itself as the world’s #1 identity SaaS platform, and it’s a great identity provider (IdP) for authentication purposes. They provide:

  • Single Sign-On (SSO)
  • Multi-factor Authentication (MFA)
  • Advanced Server Access
  • and more in the identity-awareness space.

Their cloud-based platform gives companies a centralized way to manage and secure user authentication into applications, websites, web services, and devices.

| | Okta | Pomerium |
|---|---|---|
| Similar solution | 🍎 | 🍊 |
| Context-aware gateway | | |
| Identity Provider | | No, but integrates with all the major SSOs. |
| Open Source | | |
| Policy Descriptions | Can support a variety of rules. | Can support complex rules. |
| Continuous verification | | |

Our Recommendation

Okta’s identity management, while impressive, covers only the authentication aspect of a full zero trust architecture. Okta is best used with Pomerium, which provides per-request authorization, the other main component of a good zero trust architecture.

Use Cases

  • User identification — Okta’s platform provides strong identity-aware centralized access to upstream services.
  • Identity verified for all users — A good SSO and MFA enforcement point.

Strengths

  • Oh, we know them! — SSO identity provider for authenticating access to your internal services and applications.
  • One IdP for modern apps — This one IdP authenticates users, giving them an access token to traverse your internal ecosystem.
  • One standard to rule them all — Okta has a strong influence on the open standards related to authentication.

Weaknesses

  • No proxy, no protection — Because Okta is not a proxy, the applications it oversees access to are exposed to direct connections from any source, increasing the attack surface of the applications you want to protect.
  • A plague upon thee — Okta’s software must be set up on every server the platform manages access to. Setup is complex and each cluster must be maintained. Also, Okta’s client is CLI-only, which may stress non-developer users.
  • The birds have been at the breadcrumbs — Audit logs cover only SSH and do not cover RDP.
  • No baggage please — Okta does not support your legacy applications that are not built to support modern SSO tech. Only Pomerium secures all legacy applications.
  • Mileage efficiency decreases at scale — Okta’s pricing is per server, which increases costs for organizations with high usage.
