A FedRAMP single sign on alternative
November 19, 2020
A FedRAMP single sign on alternative
Score 8 out of 10
Vetted Review
Verified User
Software Version
Single Sign-On
Modules Used
- Okta Workforce Identity
Overall Satisfaction with The Okta Identity Cloud
We worked with a government agency interested in a FedRAMP-approved, single-sign-on solution that supported native smart card authentication. Another requirement was the ability to authenticate users from outside the government agency in the same tool. After looking at various solutions that usually required an on-premises appliance to support smart cards, we decided to move forward with Okta Identity Cloud.
- Ease of setup and configuration
- Customer service response
- SLA
- Easy to navigate interface
- User app dashboard
- Little troubleshooting guidance when encountering smart card authentication errors
- Better troubleshooting steps when encountering SAML errors
- A better explanation of the LDAP interface connection settings
- More flexibility in importing and using AD fields
- Speed of deployment
- Improved risk reporting related to authentication attempts
- Improved security posture from centralized cloud access
- Increased user productivity from decreased use of passwords
Yes, our project benefited from a centralized platform. The cost model was also advantageous because the agency was unsure of how many users it could expect. No worries about scaling because Okta Identity Cloud scaled with our user base. No worries about capacity planning either. Okta Identity Cloud supported the majority of applications we integrated with little customization.
The Okta Identity Cloud support was helpful or provided knowledge articles. Based on the severity of the issues, Okta responded in a timely manner. Our customer success representative was also responsive and attempted to help us with issues. Smart card authentication was tricky at first to configure, but we set up a call with an Okta engineer familiar with the matter who helped us resolve the issue on the spot.
This is a great benefit and shows the benefit of well operated, cloud-based services. We integrated on-premises applications that were sometimes unavailable due to network or capacity issues. The availability was an added benefit when comparing Okta Identity Cloud to other products on the market. Our main decision point, in the end, was cloud-based smart card authentication. Overall, this improved the stature of Okta Identity Cloud for other projects within the company.
We conducted an analysis and looked at Duo, Azure Ad, Gluu, and Key Cloak. Both Gluu and Key Cloak are on-premises, open-source (with enterprise support options) solutions. One goal was to procure a FedRAMP-authorized tool if possible. Duo, Azure AD, and Okta Identity Cloud are all FedRAMP authorized. Azure AD does not support cloud-native smart card authentication. It requires an on-premises Active Directory and Active Directory Federation Services appliance. The final decision came down to Okta Identity Cloud because it supported native smart card authentication without an on-premises application. This was an early access feature, and it worked as expected with no major issues. The only challenge was setting it up, during which we needed to contact the support desk on the PKI certificate configuration.