IDaaS SHOWDOWN: Microsoft EM+S vs Okta

Presentation transcript:

IDaaS SHOWDOWN: Microsoft EM+S vs Okta By: Eric Raff & Joe Crandall

Who We Are

Eric Raff
- Joined JourneyTEAM April 2015
- In IT industry for 20+ years
- Cloud Solutions Architect
- Identity & Access Management Architect
- SharePoint Architect
- Exchange Server Engineer
- OCS/Lync Engineer
- GroupWise Guy
- Published Author
- Teacher

Joe Crandall
- Joined JourneyTEAM October 2017
- In IT industry for 12+ years
- Cloud Solutions Specialist
- Okta Guru
- Infrastructure Engineer: VMware, Virtual Desktop, Firewall / Load balancing
- DevOps
- Client Engineer: Endpoint management, Operating Systems deployment, Scripting & Automation

The Contenders

Compared on six dimensions:
- Single Sign-On
- Multi-Factor Authentication
- Risk-based conditional access
- Device Management
- User Life-cycle Management
- Custom App integration

The contenders are Okta, with its Universal Directory and rich application catalog, and Microsoft, the incumbent, with years of experience and a kitchen-sink approach to its services.

SSO – Federated AuthN Pattern

What's Included

Microsoft EM+S "BUNDLES"
- EM+S E3 vs. E5: https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-pricing
- Azure AD plans compared: https://www.microsoft.com/en-us/cloud-platform/azure-active-directory-pricing
- Azure AD App Gallery
- To bundle or not to bundle? Multiple SKUs

Okta
- Single Sign-On
- Adaptive Multi-factor Authentication
- Mobility Management
- + Lifecycle Management
- + Universal Directory
- API Access Management (OIDC)
- Okta Integration Network: thousands of applications ready for SSO integration

Single Sign-On: Similarities

AuthN methods
- Cloud-only identities
- Password Hash Sync (PWH)
- Pass-through Authentication (PTA)
- Seamless Single Sign-On
- Federated: SAML, OIDC, OAuth 2, WS-Fed (in Okta, for Office 365 only)
- Self-service password reset

Enterprise application catalog
- Custom dev apps
- Gallery apps
- Custom gallery app

Also common to both
- Application end-user portal
- Per-application user assignments
- Password vaulting
- Dynamic attribute-based groups

Single Sign-On: Differences

Microsoft Azure AD
- Brandable login screen per tenant
- AAD App Proxy integration
- Azure AD Connect facilitates sync & PTA; no second agent needed

Okta
- Brandable login screens: per tenant and per application
- Login widget for custom dev / hosted login page
- User UPN authentication transformation: multiple username formats available via the Okta Expression Language
- Just-in-time provisioning
- Inbound federation (SAML, OIDC)
- Okta dynamic groups support static membership

Multi-Factor Authentication

Microsoft
- Multiple options for MFA: Microsoft Authenticator with push, SMS, voice call (office or auth phone), Duo Security (preview), RSA SecurID (preview), on-prem Microsoft MFA, Windows Hello
- Azure MFA on-prem server option
- NPS RADIUS extension for AAD MFA

Okta
- Multiple options for MFA: Okta Verify with push, Google Authenticator (OTP), SMS, email, voice call, Symantec VIP, RSA SecurID, security questions, Windows Hello (Web Authentication), U2F security key (FIDO 1.0) / YubiKey, Duo Security
- ADFS on-prem MFA integration
- Client (EA)

Risk-based Conditional Access

Microsoft
- Fine-grained access by device, location & region, network / named location, per application
- Policies are cumulative and group-specific
- Integration to SharePoint Online
- Security Graph API feeding real-time user / sign-in risk (leaked credentials)
- Device compliance as a factor
- Custom CA policy (preview)

Okta
- Fine-grained access by device, location & region/state, network / named locations, per application
- Policies are priority-based and group-specific
- Configurable lock-out settings
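The "cumulative" versus "priority-based" distinction on this slide is the one that bites in practice, so here is an added example (not from the deck, and not either vendor's engine) that models both evaluation styles over the same constructed policy set. Field names, group names, apps and the policies themselves are invented for illustration; the point is the combination semantics, not the exact conditions either product exposes.

```python
"""Added example, not from the deck: the two policy-combination models the
slide contrasts. Azure AD conditional access is cumulative (every matching
policy contributes its controls, and any block wins); Okta sign-on policies
are priority-ordered (the first matching policy decides and the rest are
never consulted). Policy fields, group names and apps are invented here."""
from dataclasses import dataclass, field
from typing import List, Optional, Set

RISK_LEVEL = {"low": 0, "medium": 1, "high": 2}


@dataclass
class SignIn:
    groups: Set[str]
    app: str
    trusted_network: bool
    compliant_device: bool
    risk: str = "low"


@dataclass
class Policy:
    name: str
    groups: Set[str] = field(default_factory=set)   # empty = all users
    apps: Set[str] = field(default_factory=set)     # empty = all apps
    untrusted_only: bool = False                    # applies off-network only
    min_risk: Optional[str] = None                  # e.g. "medium"
    action: str = "allow"                           # allow | mfa | block
    require_compliant: bool = False


def matches(p: Policy, s: SignIn) -> bool:
    """Condition evaluation shared by both models."""
    if p.groups and not (p.groups & s.groups):
        return False
    if p.apps and s.app not in p.apps:
        return False
    if p.untrusted_only and s.trusted_network:
        return False
    if p.min_risk and RISK_LEVEL[s.risk] < RISK_LEVEL[p.min_risk]:
        return False
    return True


def evaluate_cumulative(policies: List[Policy], s: SignIn) -> str:
    """Azure AD style: union of all matching policies' controls."""
    need_mfa = False
    for p in policies:
        if not matches(p, s):
            continue
        if p.action == "block":
            return "block"
        if p.require_compliant and not s.compliant_device:
            return "block"            # required control cannot be satisfied
        if p.action == "mfa":
            need_mfa = True
    return "mfa" if need_mfa else "allow"


def evaluate_priority(policies: List[Policy], s: SignIn) -> str:
    """Okta style: policies ordered by priority; first match decides."""
    for p in policies:
        if matches(p, s):
            if p.require_compliant and not s.compliant_device:
                return "block"
            return p.action
    return "allow"                    # implicit catch-all default policy


# Constructed policy set, in the priority order an admin might enter it.
POLICIES = [
    Policy("MFA off network", untrusted_only=True, action="mfa"),
    Policy("Sales: compliant device for CRM", groups={"sales"},
           apps={"crm"}, require_compliant=True, action="mfa"),
    Policy("Block risky sign-ins", min_risk="high", action="block"),
]

# A sales user reaching the CRM from an unmanaged laptop in a coffee shop.
ROAD_WARRIOR = SignIn(groups={"sales"}, app="crm",
                      trusted_network=False, compliant_device=False)

if __name__ == "__main__":
    print("cumulative:", evaluate_cumulative(POLICIES, ROAD_WARRIOR))
    print("priority:  ", evaluate_priority(POLICIES, ROAD_WARRIOR))
```

With the same three policies, the cumulative model blocks the unmanaged laptop because the device-compliance control is unsatisfiable, while the priority model stops at the generic "MFA off network" policy and never reaches it; moving the device policy above the MFA policy changes the outcome. The same ordering trap applies to a low-priority "block high risk" policy, which a higher-priority allow-with-MFA policy silently shadows. That is why the deck calls Microsoft's framework "powerful" and Okta's "simpler": one is additive, the other needs its ordering audited.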

Device Management

Microsoft: full-fledged MDM solution
- iOS, Android, Windows 10
- Policies: device lockdown & config, email client setup, VPN / WiFi
- Remote wipe / PIN reset / unlock
- Deploy mobile apps
- Device trusts
- MAM (supported apps only)
- Now in the new Azure portal

Okta: emerging MDM solution, focused on identity management
- iOS, Android
- Device trusts
- Deploy mobile apps
- Policies: VPN / WiFi, email client configuration
- Remote wipe / PIN reset / unlock

User Life-cycle Management

Microsoft
- Limited provisioning via Azure AD
- Limited HR-as-master integration (Workday)
- Microsoft Identity Manager (MIM) option (get the book on MIM)
- Batch-based / scheduled synchronization

Okta
- First-class integration into many cloud-based applications: Workday, Salesforce, Office 365, Box, GoToMeeting
- Universal Directory with multiple profile masters
- Attribute manipulation and transformation per application via the Okta Expression Language
- Provision / de-provision users into many applications
- Custom schema galore
- Near real-time engine
- User-editable UD attributes via the Okta profile

IDaaS B2C / B2B

Microsoft
- Push for B2C: customer identities into a company's services; separate directory for B2C; customizable login experience
- Push for B2B: now allows cross-tenant federation to share documents in Office 365; cross-business federation for employees and identity information
- AAD does not support inbound SAML from multiple external IdPs; ADFS is needed for that

Okta
- Push for B2C: customer identities into a company's services; integrated into Universal Directory; customizable login experience
- Push for B2B: cross-business federation for employees and identity information
- Inbound SAML from multiple IdPs

Custom Application Integration

Microsoft
- Visual Studio integration
- Allows developers to create OIDC endpoints in Azure AD
- Together with Azure App Service, a developer can create and deploy an application with minimal knowledge of infrastructure
- ADAL/MSAL and OWIN libraries
- PowerShell
- Graph API (multiple); Graph Explorer
- Detailed documentation

Okta
- OIDC integration for newer applications
- API for access and authorization
- Postman collection
- developer.okta.com
- Excellent documentation for application integration
- Community PowerShell access
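Both columns come down to the same thing for a custom app: it receives an OIDC ID token and must decide whether to trust it. Added example (not from the deck, and not ADAL/MSAL or an Okta SDK): the relying-party checks that matter, run against constructed tokens. Production tokens from Azure AD or Okta are RS256-signed and verified against the IdP's published JWKS; to stay offline and standard-library only, this illustration signs with HS256 and a constructed shared secret. The issuer URL, client id, nonce and secret are invented values.

```python
"""Added example, not from the deck: the checks a custom application must
perform on an OIDC ID token before trusting it, whichever IdP issued it.
Production tokens from Azure AD or Okta are RS256-signed and verified
against the IdP's JWKS; to stay offline and standard-library only, this
illustration uses HS256 with a constructed shared secret. Issuer, client
id, nonce and secret are invented values."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

ISSUER = "https://idp.example.com/oauth2/default"   # assumed issuer URL
CLIENT_ID = "0oa-example-client"                    # assumed client id
SECRET = b"constructed-shared-secret-for-demo"      # stands in for the JWKS key
NOW = 1_700_000_000                                  # fixed clock for the demo
CLOCK_SKEW = 60
NONCE = "n-0S6_WzA2Mj"                               # value the app put in the authorize request


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, alg: str = "HS256") -> str:
    """Plays the IdP. alg='none' is produced only to show it being rejected."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{body}".encode()
    sig = b"" if alg == "none" else hmac.new(SECRET, signing_input, hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def validate_id_token(token: str, nonce: str, now: Optional[int] = None) -> dict:
    """Relying-party side: signature first, then iss, aud, exp/iat, nonce."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":                  # pin the algorithm; never honour 'none'
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")         # token minted for another app
    now = int(time.time()) if now is None else now
    if now > claims.get("exp", 0) + CLOCK_SKEW:
        raise ValueError("token expired")
    if claims.get("iat", 0) > now + CLOCK_SKEW:
        raise ValueError("issued in the future")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")            # replay of a token from another login
    return claims


def verdict(token: str, nonce: str, now: int = NOW) -> str:
    """Convenience wrapper: 'ok:<sub>' or 'rejected:<reason>'."""
    try:
        return "ok:" + validate_id_token(token, nonce, now)["sub"]
    except ValueError as err:
        return "rejected:" + str(err)


# Constructed tokens: one good, three that a sloppy validator would accept.
BASE_CLAIMS = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-42",
               "iat": NOW, "exp": NOW + 3600, "nonce": NONCE}
GOOD = mint_token(BASE_CLAIMS)
OTHER_APP = mint_token({**BASE_CLAIMS, "aud": "0oa-someone-else"})   # same IdP, different client
EXPIRED = mint_token({**BASE_CLAIMS, "exp": NOW - 600})
UNSIGNED = mint_token(BASE_CLAIMS, alg="none")

if __name__ == "__main__":
    for name, tok in [("good", GOOD), ("other app", OTHER_APP),
                      ("expired", EXPIRED), ("alg none", UNSIGNED)]:
        print(f"{name:10} -> {verdict(tok, NONCE)}")
```

The "other app" case is the one tenant-wide IdPs make easy to get wrong: the signature is perfectly valid because the same IdP issued it, and only the audience check stops a token obtained from one integration being replayed against another. Swapping HS256 for the JWKS-backed RS256 check the real libraries perform changes the signature step only; the claim checks are identical.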

Our Take on Gartner Placing

Microsoft: Vision (broader offering)
- Azure Information Protection (AIP)
- Azure Identity Protection
- Azure AD Domain Services
- Cloud App Security (CASB)
- Intune MDM / MAM: policies, app store, app deployment
- Security Graph API
- Hybrid and on-prem integration: AAD Application Proxy, PingAccess
- Privileged Identity Management (PIM)
- Desktop VDI

Okta: Execution
- Faster to deploy features: almost weekly releases
- Feature flag hell
- Designed & built cloud-first IDaaS
- More knobs and buttons
- Better app integration
- Best-of-breed 3rd-party integrations
- Outside the Microsoft ecosystem, culturally
- Went public April 2017

Summary / Take Away

- Okta is the simpler overall architecture
- Microsoft is the more comprehensive bundle of services
- Okta is better at SSO integrations
- Microsoft has the more powerful conditional access framework
- Okta is much better at user lifecycle management
- Microsoft Exchange hybrid scenario = AAD Connect required
- Okta for more advanced / complicated service provider integrations
- Microsoft-only integrations = EM+S
- Okta: vendor neutrality
- JourneyTEAM can help you with either/both

THANK YOU