Okta Review

Okta's suite of automated workplace identity products increases your network's security and lets IT techs focus on higher-level issues. Whether you need single sign-on (SSO) or multi-factor authentication (MFA) technology -- or both! -- Okta's web-based software provides a seamless desktop, browser, and mobile device login experience for users.

As every information technology (IT) department grows, it reaches a tipping point. The volume of routine user service requests for new passwords -- or to reset them -- prevents techs from working on higher-level issues.

Still, you can't afford to give passwords and their security short shrift because you must protect your network and its data. Your solution? Automated password management.

Okta is one of the best identity management software providers on the market. We'll go over its features, pricing, and support options so you can see how your business could benefit from using it.

Who is Okta for?

Founded in 2009, Okta has identity and access management solutions for workplaces and consumers. Its primary product is a web-based single sign-on application that allows users to log into multiple applications such as Gmail, Office 365, and Salesforce via one centralized interface.

While Okta's individual products range from $2/month per user to $15/month per user, its minimum contract is $1,500/year. Customer support packages, whose prices are based on total users, cost extra.

This pricing schedule could put it out of reach for smaller businesses, and its customer base consists of larger companies such as FedEx, Hewlett-Packard, and T-Mobile.

Okta's features

Okta security software has separate product suites for workplace and consumer identity management. The workplace identity applications include:

• SSO
• Multi-factor authentication
• Life cycle management
• Universal directory
• Application programming interface (API) access management
• Advanced server access

We'll focus on Okta's SSO and MFA features because they provide the foundation for identity management.

Single sign-on (SSO)

SSO software lets users log into multiple websites and applications with a single password. For example, at The Ascent, I have separate employee accounts for Slack, Trello, and Microsoft Outlook. Our SSO provider lets me directly access these applications after logging into its interface.

Beyond standard SSO functionality, Okta includes:

• Flexible policy engine: Use multiple conditions and actions to set permission policies for protected assets.
• Real-time security reporting: Employ sophisticated searches of real-time system logs that include geolocation tracking and integration with security information and event management (SIEM) applications.
• Okta application network: Connect your Okta account to more than 5,000 pre-integrated applications.

After you log into your Okta account, the homepage has tiles for each connected application and website you can now open without logging in again. You can also manage multiple settings for each application from this page.

Access your connected accounts from your desktop or use the Okta app on a mobile device. Image source: Author

The Okta mobile app for iOS and Android devices also provides quick SSO access to Okta-connected accounts when your employees are out of the office.

Multi-factor authentication

SSO technology streamlines access to applications, but another key issue remains: ensuring passwords are not compromised. All passwords should be easy to remember and hard to guess, but at best, this only slows down bad actors and their strategies to uncover passwords.

MFA addresses this problem by requiring one or more extra identification "factors" beyond the password before you can access your account. Every time I log into my bank account from my laptop, for example, I must also enter a single-use code the bank texts to my smartphone.

The three authentication factor types are:

• Knowledge: Answers to personal security questions
• Possession: One-time passwords (OTPs) sent via text, email, or phone call
• Biometric: Fingerprints and facial recognition technology

Okta has a wide range of authentication options with varying levels of security.

Each authentication factor falls within the security assurance continuum. Image source: Author

Okta also offers contextual access management, which requests more authentication factors based on levels of risk due to logins coming from unexpected locations, devices, or networks.

Reports

Okta reports provide the information you need for actionable insights about usage and security -- everything from overall usage to authentication troubleshooting.

Okta has three report categories:

• Activity: User, application, MFA, YubiKey, and short message system (SMS) usage
• Security: User password health, application password health, Security Assertion Markup Language (SAML) capable apps, current and recent assignments, proxy IPs, suspicious activity, and deprovision details
• System log queries: Total and failed logins, SSO attempts, and authentications via Active Directory (AD) agent

Specify a report's time frame, filter the results, see events per actor and their locations on a map, and more. You can also download reports as a CSV file. The system log report below uses the event filter to only show initiated user sessions.

Okta system log reports show when and where filtered events occurred. Image source: Author

Every device (aka, "endpoint") that employees use to log into your network is a potential access point for hackers. If you have a network security operations center (SOC), these reports provide critical information for endpoint security.

Okta's ease of use

IT personnel like how Okta streamlines the onboarding process for new users while increasing network security with the multiple MFA options.

They also report that it works equally well on a company's network and remote Wi-Fi connections. Some comment that technical documentation should be better organized, and that problems can arise when third-party vendors update their apps.

Employees at companies using multiple applications like having them aggregated in the Okta interface without having to log into each one individually.

Most user issues revolve around nuts-and-bolts topics, such as password length, updating passwords across multiple applications, and how often new Okta sign-ins are required.

I've used Okta and other identity management software, and I think ease of use boils down to educating users about how these applications work. While IT professionals appreciate how they impact their workloads, too often this software is dropped on users with little explanation or training.

I worked at a university that suddenly announced one day we were now using identity management software, and it took me a long and increasingly frustrating afternoon to figure out how to sync my accounts, apps, and passwords within it. And when it was time to update a password?

Whoa, Nelly! I felt like I was chasing my tail for the next hour or more as I tried to update and resync everything.

Okta's pricing

Okta's workplace identity products include:

• Single sign-on: $2/month per user -- Includes integration network, ThreatInsight, desktop and mobile SSO for cloud and on-premise apps, basic multi-factor authentication, third-party MFA integration, sign-in widget, and local language support.
• Adaptive SSO: $5/month per user -- Adds contextual access management, including location, device, and network, and risk-based authentication.
• Multi-factor authentication: $3/month per user -- Includes possession factors, such as one-time passwords, push notifications, texts, Universal 2nd Factors (U2Fs), and voice.
• Adaptive MFA: $6/month per user -- Adds contextual access management, including location (new city, state, or country, and impossible travel patterns), network (new IP and specified IP zones), device, and risk-based authentication.

Other products with prices ranging from $2/month per user to $15/month per user include a universal directory, life cycle management, application programming interface (API) access management, advanced server access, and access gateway. Customer support packages are sold separately.

Okta pricing requires a minimum $1,500/year contract but offers deep discounts to larger organizations adding more users. The SSO plan has a free trial.

Otka provides eligible nonprofits with 25 free licenses for all Okta products, 50% off public training courses, and unlimited complimentary passes to the annual Oktane customer conference.

Okta's support

Okta's four customer support plans include:

• Basic: Has a 24-hour response time for support requests by phone or email.
• Premier: Upgrades to a one-hour response time for support requests and 20% off instructor-led training classes.
• Premier Access: Adds a customer success manager (CSM) and virtual kickoff, quarterly success, and semi-annual business review meetings.
• Premier Plus: Adds a VIP support line, onsite meetings, and two passes to the Oktane customer conference.

The Basic plan has 12/5 support Monday through Friday from 9 a.m. to 9 p.m. ET, but the others have 24/7/365 support. Pricing is quote-based and depends on your number of users.

Okta's online resources include:

• Knowledge base
• Product guides and documentation
• Community forums
• Online training
• White papers, data sheets, and infographics
• Webinars

Okta's resources are found in two locations -- the help center and a separate content library -- which can sometimes make it difficult to find what you're looking for.

Benefits of Okta

Okta reduces IT workloads, which directly impacts your bottom line. Without Okta identity management automation, your IT department is continually resolving support tickets to grant employees access to different sites and applications while enforcing strong password protocols.

Okta says customers using its SSO have seen a 50% drop in login-related help desk requests. Users can also log into and use new apps 50% more quickly, and IT integration of acquired businesses is up to five times faster.

Okta MFA reduces the time and expense of security breaches because 80% of them involve compromised passwords.

We'll take a closer look at three more Okta features that can streamline your operations: browser extensions and plugins, ThreatInsight, and passwordless authentication.

Browser extensions

The Okta dashboard is a useful resource for employees, but they can access the applications and websites there more quickly via browser extensions and plugins.

Supported browsers include:

• Chrome
• Safari
• Internet Explorer
• Firefox
• Edge

The Chrome extension shown below lets you choose apps to add to your account, generate strong and random passwords for them, and switch between multiple Okta accounts. It also prevents websites from storing your login credentials.

The Okta Chrome extension gives you quick access to multiple applications and websites. Image source: Author

For extra convenience, Okta administrators can use browser extensions to access the admin console.

ThreatInsight

The best security stops problems before they occur, and Otka's ThreatInsight collects data across the entire Okta customer base to detect and blacklist malicious IP addresses. ThreatInsight can log suspicious IPs without blocking access, or log and block these authentication attempts.

ThreatInsight protects your network from multiple intrusion methods:

• Phishing and other social engineering types
• Credential stuffing
• Brute force attacks
• Password spying

Whether these attempted data breaches are financially motivated or driven by wannabe hacker script kiddies, ThreatInsight works to minimize downtime, increase security, and avoid unwelcome financial repercussions.

Threatinisight provides proactive protection before the login process. Image source: Author

ThreatInsight also uses rate limits to prevent admin and user lockouts during a distributed denial-of-service (DDoS) attack.

Passwordless authentication

Passwords are a perpetual weak link in your security system because even the strongest ones only slow bad actors down without completely thwarting them. Okta allows you to move beyond passwords with passwordless logins.

Workplace identity passwordless options include:

• Email-based magic links
• Factor sequencing
• Personal identity verification (PIV) smart cards
• Device trust
• Desktop SSO

Factor sequencing, for example, lets you choose high assurance factors such as Okta Verify. This app allows users to confirm their identities by approving a push notification or entering a one-time code without the need for a second factor.

Okta Verify streamlines the login process and increases security. Image source: Author

Passwordless authentication addresses the dueling positions about passwords illustrated by recent research: 66% of IT and IT security practitioners surveyed in the U.S., U.K., Germany, and France said protecting passwords is very important, but 51% also said password management is too difficult.

Improve your identity management with Okta

Okta's expansive features set, corollary apps and browser extensions, and thousands of native third-party integrations make it an identity management industry leader. Its entry cost, however, likely puts it out of reach for many small businesses.

Perform a thorough cost-benefit analysis to determine if you have the IT needs and budget to achieve a positive return on your investment.

How Okta Compares