So my company is looking at Okta to be a new solution to allow our SSO credentials to be passed on through website to website. Has anyone used this solution before?
For more details: https://www.okta.com/products/single-sign-on/
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (16)
I believe @aaronpk @dogeared have used Okta before!
I've used Okta to test, and further develop, SAML2 support for our enterprise application. From all the other services I tested (Auth0, SSOCircle) I liked Okta the most. Quite some functionality and possibilities. The best part: You can sign up for a developer account for free, without any serious limitations, and not even get harassed by their sales.
That's great to know! Thanks for your reply
You've had most of your questions answered. One thing I want to throw out there is that Okta has CLI support as well. We use AWS and Okta, and I'm able to use my credentials from Okta when using the terminal and AWS's CLI tooling.
My company uses it. What questions are you looking to answer?
Some fairly simple ones. Our IT ticketing platform, ServiceNow, uses it and I just don't feel it works as intended.
Cheers!
I work at Okta, but we use the Okta product every day at work, so I'll only comment on it as a user.
Does it work well? Ya! it's super simple/nice. I use it to log into all of my work apps.
Is implementing it difficult? No... Although it depends on what services you want to configure it with. Most of the work is just exchanging credentials initially. There are a lot of docs/videos/courses you can do if you want help.
Are there any valid security concerns? The only one I can think of is that Okta is going to become a single-point-of-failure for your users. So instead of having users sign into each service directly, they'll now sign into each service through Okta. So if Okta goes down or gets hacked, the risk is larger. But that said: Okta's gone through a ton of security audits and spent a lotttt of $$$ on this sort of prevention. It's a large publicly traded company with a lot of resources.
What's my personal view on it? I like it. I didn't know anything about Okta before working here but the service is top notch. It's going to be annoying if I ever leave Okta and have to work someplace without it. I remember at my last company we had a shared lastpass account with a million passwords in it. Half the time some service would force someone to change a password and they wouldn't update it in lastpass and then bam: shit doesn't work and it was crazy annoying.
Thanks for taking the time to reply, I appreciate it!
It does sound like Okta is a great tool and I am excited for if it ever gets implemented. Enterprise-wise SSO sounds like a dream come true and this could easily become a standard SSO service for pretty much anyone.
May I ask why is Okta better than Auth0, in your opinion?
I haven't used Okta yet, but one of its developers, Randall Degges @rdegges , hangs out here and wrote one of my favorite rants on this websites which is not about Okta but still might be useful in term of authentication:
Please Stop Using Local Storage
Randall Degges
tl;dr - LocalStorage is not encrypted or domain-restricted. Basically, any JS script can read your LocalStorage and compromise your authentication tokens. Use Cookies instead.
Can someone give me the TL;DR on Okta?
I'm curious but want to make sure I'm not missing the point.
I'm a developer advocate at Okta, I'll give it a whirl. The TL;DR is that a lot of companies use it to provide SSO to their employees. They log in to their Okta dashboard at company.okta.com, then they can log in to all their apps (0365, Salesforce, Concur, etc.) with a single click. It's like 1Password for the enterprise.
We also provide "Customer Identity", which means you can use our APIs to add authn/authz to your custom-built applications. Then you can provide these apps to your customers and they can register, log in, and use your apps. You don't have to write any auth code. Our APIs support industry standards like SAML, OAuth 2.0, and OIDC.
I can't speak to the implementation side, but as an end user, I find it useful.
It makes the apps we use more secure by putting them behind a sign on and if you give the Internal IT engineers a list of what your new starter needs it makes onboarding new people a breeze.
Okta for SSO works pretty well and their API is pretty good too.
The OIDC implementation has me tearing my hair out though. Docs are outright misleading in places.
Our docs are all stored in an open source project on GitHub. You can create issues about the things that are misleading and we'll get them fixed!