Microsoft Entra External ID (formerly Azure Active Directory B2C, or alternately, Azure Active Directory External Identities) provides business-to-customer identity as a service. Customers can use their preferred social, enterprise, or local account identities to get single sign-on access to applications and APIs.
$0
per month per active users
Opal.dev
Score 1.0 out of 10
N/A
Opal is a security platform that enables organizations to scale process.
N/A
Pricing
Microsoft Entra External ID
Opal.dev
Editions & Modules
Premium P1 (for More than 50,000 MAU)
$0.00325
per month per active users
Premium P2 (for More than 50,000 MAU)
$0.01625
per month per active users
No answers on this topic
Offerings
Pricing Offerings
Microsoft Entra External ID
Opal.dev
Free Trial
Yes
No
Free/Freemium Version
Yes
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
A flat fee of $0.03 is billed for each SMS/Phone-based multi-factor authentication attempt.
For us as we already used microsoft platforms it made perfect sense to remain within one eco system rather than split external ID systems if we could. We did however look closely at AWS as a comparison and chose Microsoft Entra External ID based on our end users (familiarity) …
Microsoft Entra has much more advanced features than Amazon cognito. The access permission feature, mfa, data protection is top notch. Amazon cognito does offer MFA but the security access feature is not very great. The Microsoft Entra offers a wide selection of access …
Each one of these alternatives has pros and cons. PingOne from Ping Identity states they "help deliver the secure and seamless customer experience to win battles for customer acquisition, retention, revenue, loyalty, and trust." While that may be the case, they did not fit our …
It is not easy to calculate the actual ROI due to the difficult quantification of all factors, but it certainly contributed a lot in protecting, monitoring and controlling access to our system. It also made it much easier to detect vulnerable external users with simple and "easy to hack" passwords they use on multiple apps.
I am frustrated that my organization chose to adopt Opal for our access management tool. It is extremely difficult to use, due to bugs and basic functionality missing. Engineers are not given write access to production resources, so every change must flow through Opal.
This involves writing an IAM policy by hand for every request, because it is far too difficult to find an existing role in the system, and requests must the narrowly tailored only to allow the exact operation requested. Opal makes this process much more difficult because it lacks basic functionality for end users, such as: -Ability to modify an existing IAM role
-Ability to view existing IAM roles
-Ability to delete duplicate Opal roles
-Lack of IAM role templates
-Poor error messages when attempting JSON policy fails validation
In general, each Opal request takes 5-10 minutes because you need to be very explicit with every API action you are requesting, which then needs to be repeated multiple times because it is very hard to get everything correct the first time, which then requires a new round of reviews. This is partially because AWS IAM roles can be tricky to get right, but Opal provides no functionality to make this easier.
One of the things that Microsoft Entra External ID does really well is creating user logins, accounts and profile. It is very easy to create them, manage them and delete them. It is fast and reliant.
Limit access or authorization feature. We can allow different levels of authorization and access. So that not all the employees would have access to all the data. Only some relaible employees would have access and power to change anything.
Mutli factor authentication feature is also a really good feature to secure data. Even overseas vendors need MFS to login which gives double protection to our data.
Microsoft Entra External ID is an all round solid product, and certainly delivers the solution to our needs well. Through use we found that Pupil's become 'experts in avoidance', if they can forget their login details or indeed their device used for MFA, they will and then use that as the excuse for not accessing/completing their assignments. If more MFA options were available (such as delegated MFA) this would really help iron out our entire end user experiences
For us as we already used microsoft platforms it made perfect sense to remain within one eco system rather than split external ID systems if we could. We did however look closely at AWS as a comparison and chose Microsoft Entra External ID based on our end users (familiarity) with microsoft authentication and deployment routines. We also found that Microsoft gave more sovereignty assurances with our data.