Okta provides on-demand, single sign-on and access management for organizations that use one or more cloud or Web applications during the workday.
Okta isnt great at managing the log-in process for on-premise applications. Plus, IT managers who have a mix of cloud and on-premise apps may want to consider a more traditional identity and access management implementation from CA, NetIQ (which inherited the Novell identity management tools) or Oracle (which acquired Passlogix). The advantage that Okta has over the traditional tools is that it can roll out in days instead of weeks and likely with much less consulting or custom coding.
My tests showed that out-of-the-box Okta was able to successfully manage the log-in process for nearly all my test cloud services. In the case where Okta did not already have an application in its library of nearly 1,250 cloud-based services, the company was able to deliver a solution in just about one day.
The eponymously named Okta service offering was most recently revised in December 2011 and costs $10 per user per month for the enterprise edition that includes support for multiple apps, and identity and access management with reporting. If the commonly accepted benchmark of $25 per password reset cost is used, then an organization would see a return on investment after the fifth password reset in one year.
IT managers should consider a number of other cost factors, including the reduction in overall lost productivity due to forgotten passwords and the increase in audit compliance provided by Oktas access-reporting capabilities.
Okta competes directly with services, including OneLogin, and hybrid solutions, including Ping Identity and Symplified. Okta includes user integration, which is an add-on for $5-per-user-per-month Onelogin. Ping Identity’s Ping Federate is an on-premise appliance and meets a different use case where on-site control of user identity is critical. Symplified can be deployed on-premise or in the cloud and provides controlled access to both on-premise and cloud apps.
To test the Okta system, I first entered a number of users into the platform. I could also have done this by integrating Okta with eWEEK Labs’ Microsoft Active Directory server.
I accessed several cloud-based services, including Salesforce.com, Concur expense tracking, ADP payroll management and CopyCache, a content traffic and payments systems.
Salesforce.com was the easiest and most straightforward log-in. As an Okta administrator, I first of all added the Salesforce.com application to the menu of applications that would be made available to my users. I then assigned users to the Salesforce.com application.
IT managers should be aware that Okta requires that a browser helper object be installed. I was prompted to install the secure Web plug-in when accessing my test Okta instance from Internet Explorer 9, Firefox 10 and Chrome 17.
After logging in to my Okta account, I was presented with an app store-like display of my applications. In my test set-up, I logged in to each application using credentials I knew. I could have set up Okta so that my users did not know the actual log-in credentials and accessed the cloud applications based on successfully authenticating to Okta.
The second time I logged in to my Okta account, the single sign-on functionality worked as expected. When I logged on to Salesforce.com, I watched as my log-in was redirected to Salesforce secure log-in servers and then I was connected to my account. Logging in to ADP took me directly to my employee payroll and benefits page on the ADP portal.
Where things didnt work so well, it was primarily because I had selected the wrong service. For example, the widely used Concur expense and travel management cloud service actually has several different online services. I selected what I thought was the main Concur service, only to find out from Okta tech support that I was in fact using the expense-tracking version.
Click here to access additional analysis from eWEEK Labs on Okta.