Single sign-on moves to the cloud

Okta and OneLogin score high in test of eight SSO solutions that cut help desk calls and boost password security

By David Strom, Network World
December 17, 2012 12:00 AM ET

Page 5 of 10

They have a unique feature called Just in Time provisioning. This means you can import all your Active Directory accounts and set things up so that when users are ready to start using their SSO solution, it will try to authenticate them with their Active Directory logins and create their accounts on the fly. This can be useful if you are turning on SSO for a large population at once.

Okta has excellent documentation, with plenty of screencast videos showing you how to set things up. They have a catalog of more than 1,000 apps that have already been pre-configured. There is also a table showing browser support that can be reached from the help screens inside the Okta app itself, a nice touch.

Reports show you the last month's worth of app usage and suspicious activities and how many users have never signed into the system.

The Okta dashboard gives a range of application reports that can show unused apps for particular users. It also has a nice task list showing what you still need to do on their service, alerts for any apps that weren't set up properly, and other items.

Okta's biggest downfall is how poorly it can recover from errors in the configuration process. Once you select an app you can't actually delete it, just deactivate it. If you haven't set it up properly this can give you fits. Okta claims this is a feature, to aid with its logging capabilities. We disagree.

Okta has several pricing plans, starting at $1 per user per month for basic SSO and moving up to $10 per user per month for enterprise-level features such as user provisioning and more detailed reports. Pricing for 500 users would be $60,000 for the first and subsequent years. Live 12x5 support is included, and there are three additional support plans if you want to go to 24x7 support.


OneLogin is a cloud-based service with several on-premises pieces including browser extensions, a special IIS-based authentication script that is used for Windows logins, and an Active Directory connector for Windows servers to establish the two-way directory synchronization.

It has one of the largest app catalogs, supporting more than 2,600 apps, and can be easily customized for forms-based secure Web authentication by creating custom app connectors. That is a nice touch, because with some of its competitors, you either can't create new app connectors or else you have to wait for the vendor to create them and add them to the product.

One feature unique to OneLogin is a new addition called Federated Cloud Search. This makes it easier to find particular content across your entire apps portfolio without having to index each specific site. If you have ever tried to look for a document in one of your SaaS-based providers, you will understand how effective this feature can be. Not all of OneLogin's apps support this feature yet. Like some of its competitors, it also supports just-in-time app provisioning.

Another is the ability for an SSO administrator to log in as a particular end user for troubleshooting, called "assumed sign in." You have to enable this individually by application, though. You don't need to know the end user's credentials, but you can test out the access to a particular app.
