Best solution for Workforce Identity and CIAM requirements!
November 07, 2020

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Software Version

Enterprise Plus

Modules Used

  • Okta Workforce Identity
  • Okta Customer Identity
  • Adaptive MFA
  • Advanced LifeCycle Management
  • Mobility Management
  • API Access Management

Overall Satisfaction with The Okta Identity Cloud

We currently use Okta Identity Cloud for three use cases:
1. Staff Single Sign-On
2. Customer authentication
3. Customer federation

For staff SSO, we have pretty much all of the Okta Identity Cloud SKUs except for Advanced Server Access and Access Gateway and the main purpose of Okta Identity Cloud was initially for Single Sign-On, but we're also now leveraging the LCM capability for SCIM provisioning against supported cloud services.
For the customer side, we leverage Okta Identity Cloud UD for application authentication and we also leverage the software to allow us to federate with our customers (Okta Identity Cloud acts as the SP).
  • Okta Identity Cloud makes it very easy to configure Single Sign-On using either SAML2 or OIDC by leveraging either a pre-built integration within the Okta Integration Network, or creating a custom integration if there isn't one (or you require more flexibility than what the pre-built one offers). We have configured SSO in single-digit minute(s) when using Okta Identity Cloud compared to other products.
  • With Okta Identity Cloud there is no on-premise infrastructure to manage in order for it to function, as it is all hosted in the cloud in AWS. Only agents are hosted within your network, if you require such functionality, but they require very low maintenance. Network security is high as the agents make outbound calls to Okta Identity Cloud, so no inbound connectivity is required for them.
  • There is no hidden cost with Okta Identity Cloud, and they are constantly releasing functionality into the platform that fits into existing SKUs. Over the five years that we have used them, they've only changed SKUs a handful of times and none have been disruptive.
  • For those of us who use and know Okta Identity Cloud, it is the de facto standard to use for Staff SSO capability. I come from an IBM background and I would rather use Okta Identity Cloud any day than go back to using TFIM for federation. Please don't even mention ADFS!
  • Okta Support is very responsive and there is a support portal to raise tickets against. Alternatively there are also numbers to call should you prefer to talk to someone.
  • Okta Identity Cloud has a great set of APIs for automating administration activities, and courtesy of their developers there is also a good set of SDKs and sample code on how to integrate Okta Identity Cloud using various programming languages.
  • Prior to the introduction of Okta Identity Cloud's workflows feature, trying to customize the platform to meet business logic was quite difficult, if not impossible. That was one of the downsides of using a service like Okta Identity Cloud compared to say a product like ISIM from IBM.
  • Trying to track down causes of provisioning errors (or any other issues) can be quite challenging as an admin using just the data available from the system log. It usually will require some sort of support ticket but fortunately, the support team are very responsive.
  • At present, Okta Identity Cloud lacks governance features such as segregation of duties, recertification, role-based access control, along with approvals. Should you require these features, you would need to handle them outside of Okta Identity Cloud such as within a service management tool and then leverage APIs to automatically perform the task in Okta Identity Cloud, or manually assign to an admin.
  • The Okta Identity Cloud administration console is not mobile friendly at the moment, which is a pain if you are looking to do some quick administration task away from your workstation.
  • Day one using Okta Identity Cloud, users were able to Single Sign-On to their cloud applications without any additional logins. Compared to before they were using up to three logins before they even got to the Internet!
  • Within six months of going live with Okta Identity Cloud, we had transitioned our customer authentication to Okta Identity Cloud, resulting in $300,000 in annual savings.
  • Okta Identity Cloud allows us to federate with our customers with a few clicks of the button and, with our first customer, we onboarded over 10,000 users in one go.
We chose Okta Identity Cloud as the platform of choice for Staff Single Sign-On, so that we would have one platform to manage for this functionality. To that end Okta has been a great success. Leveraging the pre-built applications on the Okta Integration Network to connect to common cloud applications such as DocuSign, Box, etc is a breeze, and we have since built many custom SAML integrations as well by creating custom applications in Okta Identity Cloud. We have even worked with a couple of our vendors to introduce them to Okta Identity Cloud so they can build SSO capability into their product.
From an operational management perspective, we are a small team of three and Okta does not require much operational overhead. We use Active Directory and we make use of delegated authentication from Okta so no user passwords are synchronized outside of the organization. The Okta agents are very low maintenance and only require updates every so often.
Okta's security policies allow us to ensure that we only allow users to log in from authorized locations and by leveraging Okta ThreatInsight, we ensure that our users are protected from common threats.
We have a great relationship with our Okta account executives and sales engineers and regularly catch up with them to keep abreast of large developments on the Okta platform, or to keep them updated on our projects. For example, when we were moving our customer authentication to Okta Identity Cloud, we worked closely with our sales engineers to ensure our application architecture leveraging Okta Identity Cloud was correct and secure.
We have only leveraged Okta's PS once and that was during the initial onboarding. To be fair, I was the only person at the time assigned to this activity and I could have done it myself, however Okta felt it would be best having the PS team there in case something went wrong. We had Okta Identity Cloud up and running with SSO against Office 365 configured in an hour.
Okta's customer support has been fantastic to date and although we have gotten many different support analysts over the years, they have all been professional and our queries have been resolved in very appropriate times.
Okta Identity Cloud has been extremely reliable for us. Over the last five years since we've been using it, there have only been two outages, and one of them was due to AWS while the other, if I recall, was an Okta deployment. There were some initial concerns about leveraging a cloud service for our staff SSO capability when we were considering Okta Identity Cloud, but those arguments have been well and truly put to rest now. We also have our customer authentication and customer federation in Okta Identity Cloud, and neither of those integrations has had any issues with Okta availability.
At the time we started using Okta Identity Cloud in 2016, there weren't many IDaaS in the market with a solid product offer and good reputation other than Okta Identity Cloud and Centrify Zero Trust Privilege Services. As we had a greenfield environment, we did not want to host our own solution for Staff Single Sign-On and therefore an IDaaS was the perfect choice. To that end, we decided to evaluate Okta Identity Cloud and Centrify Zero Trust Privilege Services, and since we had already selected One Identity's Identity Manager for our on-premise IDM system, we also included it into the evaluation, as they had an SSO component.

We built a spreadsheet of requirements with MoSCoW ratings and sent it out to all of the vendors. After receiving the responses back and tallying up the ratings, Okta Identity Cloud came out the winner. At the time selecting Okta Identity Cloud met a few of our architectural decisions, namely:
1. Leverage cloud where possible to avoid having to host our own infrastructure.
2. On-premise systems managed on-premise and cloud-based systems managed cloud-based applications.

Okta Identity Cloud met both of those guidelines very well being an IDaaS and specializing in enabling Single Sign-On with applications. We also considered the LCM capabilities for the future, which we are now using.
Okta Identity Cloud is one of the best (if not the very best) tools for Single Sign-On and user LifeCycle Management for cloud-based applications. I would highly recommend using Okta Identity Cloud if you are starting from a greenfield environment like we did, and even though we had on-premises hosting capability we did not want a traditional heavy identity management system.
From an end-user perspective, Okta Identity Cloud is very easy to use and the end-user portal can be configured to be the central source of all shortcuts. All of this is available from anywhere and any device should your organization allow it.
From an admin and security perspective, Okta Identity Cloud provides the capability to simplify the application access experience through Single Sign-On, and through its LifeCycle Management capabilities it also enables automated handling of Joiner, Mover, and Leaver requirements. The Adaptive MFA capabilities allow us to leverage Okta Verify, but also FIDO/WebAuthn compliant keys, and allow us to enable passwordless authentication within the organization while still maintaining a high level of security.
Okta Identity Cloud currently lacks any identity governance capability, so that task would need to be handled either manually or via another platform at the moment.

The Okta Identity Cloud Feature Ratings

ID-Management Access Control: 7
ID Management Single-Sign On (SSO): 10
Multi-Factor Authentication: 10
Password Management: 10
Account Provisioning and De-provisioning: 10
ID Management Workflow Automation: 10