
Single sign-on moves to the cloud

Okta and OneLogin score high in test of eight SSO solutions that cut help desk calls and boost password security

By David Strom, Network World
December 17, 2012 12:00 AM ET

Page 4 of 10

The online cloud documentation is rather sparse, but the printed manuals go into more detail on how to set up both Google and Salesforce accounts on their service.

Net results

For both products, McAfee has one of the simplest pricing models around, albeit one that isn't published on their website. They include everything in the per-user subscription fee, which starts at $5 per user per month and drops to $1 in quantity and over multiple years.

And by everything we mean live 24x7 support, as many application connectors or identity providers as you desire, and unlimited roles and policies. So pricing for 500 users would be $18,000 for one year. A three-year contract would drop the cost to $13,300 per year.

Numina Application Framework

Numina had the smallest feature set of the products we tested. It is more of a developer's toolkit than a complete product. It comes with both on-premises pieces, mainly a Web service that runs on an IIS server, and a cloud piece. Unlike most of the other products in this review, it doesn't offer two-way synchronization with Active Directory or LDAP directories: it can only update its own user accounts. It also supports OpenID authentication methods.

Setting up an app that supports SAML, such as Google Apps, is very straightforward, and the information to share with the corresponding fields on Google's Web form is clearly displayed.

One limitation with SAML is that the user ID that Numina uses must match the ID that the app provider requires. This could be a big issue if you are going to use it to log in to a lot of different SAML apps. The other products allow for more flexible configuration.

Numina supports a single multifactor authentication method, SMS text message, although there are plans for more. However, it excels in the number of reporting choices, something the far more feature-rich products should take a closer look at.

Numina has a very simple pricing scheme, based on a single server license, so our sample 500 seats would cost $25,000 for the first year and a $5,000 maintenance fee for subsequent years.

Okta

Okta has been in the identity management business a long time, and it shows. They have mostly a cloud-based service with several pieces that are installed on your network, including browser plug-ins. There are clear workflow diagrams showing what you need to finish your tasks, and separate tabs for setting up apps and users and running reports. This is one of the best features of the product.

Okta has the ability to support two Active Directory connectors to the same directory store for redundancy. When you set these up they are read-only, but you can quickly turn on two-way synchronization. The Active Directory connector has its own user interface and monitoring application, and can be run from any Windows server. There is also a separate piece of software to handle the desktop Windows login integration that needs to be installed on an IIS server.

The product also has wide multifactor authentication support, including its own mobile soft tokens, a security question, and Google Authenticator. You can enforce the multiple factors when users are outside the corporate network, or for specific groups, but not for specific applications. And you can ask for the multiple factors on a specific time schedule (say once a day) too.
