If your employees have a growing problem of managing log on credentials across the cloud-based applications used at your company, you might be interested in the briefing notes I took when meeting with Okta this morning.
The name of the game is subscription-based, identity management for cloud applications like Salesforce.com, Workday or Concur. The Okta service can integrate user credentials from your existing Microsoft Active Directory to enable secure single sign on. Here is a useful video from Okta about how the product works for users and for IT.
There are a range of products that compete in this space with Okta, including Ping Identity and the yet to be released Project Horizon from VMware. As a class, these products attempt to solve the problem exerting corporate control over cloud applications that were implemented at the department or line-of-business level. For example, Okta provides an audit record of user access that can be accessed and controlled by corporate IT.
Here are some things that I'll be looking at if I get around to reviewing Okta. 1. Ease of integration with business apps. Company officials say the product comes with ready made integrations to over 1,000 applications. During the demo, it looked like nine fields had to be filled in by the IT administrator to connect Okta to a Salesforce.com instance. That's not unreasonable, but I do want to see how much effort is needed to integrate typical products.
2. Connector durability. When an application changes version, that is usually when the single sign on integration breaks. Okta says that it keeps an eye on these changes in order to "future-proof" the connections. I'd like to see that in action.
3. Value for money. Current Okta licenses range from $12/user/year for one application connector to $10/user/month for the enterprise level product.
If you have suggestions for cloud-based identity management evaluation criteria, let me know.