Skip Links

Single sign-on moves to the cloud

Okta and OneLogin score high in test of eight SSO solutions that cut help desk calls and boost password security

By David Strom, Network World
December 17, 2012 12:00 AM ET

Page 7 of 10

But as a result it offers a paltry set of apps that it can automate logins with, including Google, Salesforce, Webex, and a few others. There is no mechanism for secure Web access or automatically adding a new app, as there is with some of its competitors. You can also protect your user login with SecurID tokens too.

SSO score card

Reports are poor. There is a log export to Excel feature in CFS but that is more for events than anything a manager would understand. The dashboard is bare-bones and just indicates which services and connectors are running.

Pricing is based on a per-server basis: for 500 users it would be $25,000 for the first year and $6,250 for subsequent years, which includes 24x7 live support.

SecureAuth

SecureAuth has a collection of on-premises pieces for its SSO product. You need to setup its own server on your network, and you can use one that comes as a virtual machine or run their software on physical hardware. Because of this you will need to review the documentation on how their SSO product interacts with the built-in Windows Server firewall and make sure both are configured properly. There are also browser extensions to download.

Its admin console is Web-based and perhaps the least attractive of all the products we tested, but beyond cosmetics it has lots of parameters and configuration options to make it a very powerful SSO product. The trick is in finding the right menu and place on the appropriate form to fill out properly. For example, to enable two-way Active Directory synchronization you set the "read only account" to false on the membership connection settings.

There are numerous multi-factor authentication methods that are supported, including Yubikeys, SMS text messaging, telephone, question and answer sessions, and email dialogs. Like some of its competitors, you can block or allow specific IP address ranges, and setup workflows depending on whether you are using a trusted computer or accessing your apps from a public network. It supports a wide range of identity providers including AD, Lotus Notes, OpenLDAP, Novell eDirectory and others.

SecureAuth has the most complex pricing plan of any of the vendors we tested. There is a per user fee, which starts out at $19.50 per user per year and can drop quickly to a few dollars a year for the largest installations. There are one-time per server and per-app fees, both of which start at $2,600. So for a 500-seat installation, the damage would be $20,000 for the first year and $10,000 for subsequent years. They need to simplify this scheme with far fewer options to make it more competitive, and understandable.

SmartSignin

Like McAfee, SmartSignin has two separate offerings: one cloud-based and one for on-premises. The latter is only available at the higher Enterprise price. The product is still in beta and features are being added rapidly. They integrate with three identity providers at the moment: Google Apps, AD, and Salesforce.com. The company is small but seems to be on the right track.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News