Should you get Cloud Single Sign On (SSO)? Obviously yes. It’ll Fort Knox (it’s a verb) your data and give your team a quick, easy, and secure way to access all their stuff. But which flavor of SSO should you choose?
Two of the chunkiest players in SSO World right now are Azure Active Directory (Azure AD) and Okta, and both are robust and capable resources worth considering. So, the big question is, Azure SSO vs Okta SSO—which is right for your business?
The most accurate and most annoying answer is… it depends. Both are web-based identity and access management services, offering similar products and resources. Both have enterprise management capabilities. In a recent-ish Gartner review, both gained a solid 4.5/5 from real live users, but it’s not just about what others think—it’s about which one suits your business needs best. So we’ll take a brief and riveting look at how they’re similar, how they differ, and what they might mean for your business.
Remind Me, What’s Cloud SSO and Why Do I Need It?
Cloud SSO is an identity authentication tool that gives you access to multiple cloud-based web services, using a single, authorized digital identity. It acts as a reinforced front door to your app catalog and/or corporate data.
You need SSO because it tightens up data security until it squeals by:
- Enforcing multi-factor authentication
- Granting access on a need-to-know, rather than free-for-all, basis
- Implementing OS updates and passcodes
- Enforcing good password practice
- Eliminating password fatigue
Your team needs SSO because they’ll get access to everything they need to do their job with a single login. New hires will also get a great first day, since SSO streamlines the onboarding process to get them up and running fast.
Let’s Look at Azure AD
Azure AD is a Microsoft product that calls itself Identity-As-A-Service (IDaaS), and shouldn’t be confused with its Microsoft stablemates: directory service Active Directory and cloud computing platform Azure.
Quick history lesson: Active Directory was created to give Windows-based enterprises a way of managing on-premises data infrastructure—PCs, servers, and users—with a single identity for each user. Azure AD builds on the access functionality of Active Directory, by extending SSO and other services to non-Microsoft SaaS apps with authentication mechanisms like SAML and OAuth across the cloud, as well as to Microsoft 365 and the Azure portal.
You can access SSO apps through Windows Azure portals or use Azure AD to enable the Windows My Apps portal. On mobile devices, use the My Apps mobile app for SSO. There are over 3,200 preconfigured Microsoft and third-party apps to play with.
The latest from Microsoft is the launch of Entra, its all-singing, all-dancing identity and access capability. Azure AD is part of this, as are Cloud Infrastructure Entitlement Management (CIEM) and decentralized identity.
Let’s Look at Okta
Okta. Why the name? In meteorology, an okta is a unit of measurement for cloud cover, which is a bit clever, and so is Okta. Okta was an early entrant in the SSO market, and is an identity and access management company with a mature product and robust track record so far. It was built to be platform-agnostic and offer IDaaS on any device. Unlike Azure AD, it isn’t limited by any identity management legacy issue.
A Complexity, Because Nuance Is Not Dead Yet
Okta and Azure AD are competitors in the marketplace, but Okta has a custom integration with Azure AD, allowing it to work with clients that use Microsoft’s Active Directory. Wait, is that even allowed? Yes. Yes, it is.
What They Both Offer
Both Okta and Azure AD provide the standard data security smörgåsbord that any compliance-savvy company like yours would need, such as
- SSO
- Multi-factor authentication
- Conditional access
- A compliance-friendly audit trail of who accessed what, where, and how
- Access control
- Provisioning and de-provisioning
Plus, they provide allied services that make your job easier, such as
- Directories for user lifecycle management
- An entire visibility dashboard
- API access management
Which one is right? It will depend on your own business setup and direction.
Azure SSO vs Okta SSO: Ask Yourself 4 Questions
1. Is My Infrastructure Windows-Flavored?
If your mobile fleet is Windows-based, or your business uses Windows network infrastructure, it makes sense to plump for Azure AD. Although it offers pre-built integrations for non-Windows infrastructure and functionality, Azure AD was originally built to authenticate users in Azure, so it’s highly tailored for Windows servers and other infrastructure hosted in Azure.
2. Do I Already Use Active Directory for My On-Premises Stuff?
If you use Active Directory to manage your on-premises infrastructure, it makes sense to choose Azure AD over Okta for your Azure cloud infrastructure. Azure AD helps central IT departments to manage corporate data and infrastructure assets, and is useful if you have an in-house development team that builds stuff. It’s easy to sync Active Directory to Azure AD using pass-through authentication.
If you’re Windows-flavored, use Office 365, and don’t need the extended features that Okta has, such as enabling non-SAML web apps, then stick with Azure AD.
3. Do I Have or Need All the Platforms?
As a vendor-neutral animal, Okta’s reach is flexible and widespread. It works with all the common operating systems—Windows, macOS, iPadOS, iOS, watchOS, and Android—and the Big Five browsers—Internet Explorer, Edge, Chrome, Safari, and Firefox. And, yes, Okta can deploy SSO from Active Directory, cutting out Azure AD altogether, as well as integrate with key Microsoft products such as Office 365, SharePoint, and Intune. This means if your fleet is hybrid, or you work cross-platform in the office, you’re covered.
4. How Much Do I Want To Spend?
Pricing can get hairy. Not just because it could get expensive for either choice, but because pricing is not particularly transparent and comparisons are difficult. Okta uses an à la carte menu per service per user. Its SSO currently stands at $2 per month per user, or $5 per month per user for its adaptive SSO offer, and it charges extra for the extras, such as multi-factor authentication. But (here’s the thing) they want a minimum of $1,500 from you per year. There’s a volume discount if you’ve more than 5,000 users.
As for Azure AD, there’s no minimum annual contract. Most Microsoft Office 365 subscriptions include basic Azure AD functionality, including SSO for Office 365 and SAML-enabled applications. You’ll also get Azure AD free with SSO “partially included” (whatever the heck that means) when you pay for Azure, Dynamics 365, Intune, etc. There are also two premium tiers at $6 and $9 per user per month, which you may or may not need. Under the Microsoft Customer Agreement option, you can pay as you go.
It’s Not Easy, so Call Us
Okta SSO and Azure AD SSO are both solid, reliable products. And that’s what makes it difficult to choose between them. Before you make that decision, call us because we can help you make the right decision for your business. We can advise on what works best for you, whatever your shape, size, budget, or ambition. We’re independent, which means we don’t get paid for anything we recommend, which is a damn shame because we’d be in the Bahamas right now.