IDaaS SHOWDOWN: Microsoft EM+S vs Okta

Presentation on theme: "IDaaS SHOWDOWN: Microsoft EM+S vs Okta"— Presentation transcript:

1 IDaaS SHOWDOWN: Microsoft EM+S vs Okta
By: Eric Raff & Joe Crandall

2 Who We Are

Eric Raff
- Joined JourneyTEAM April 2015
- In IT industry for 20+ years
- Cloud Solutions Architect
- Identity & Access Management Architect
- SharePoint Architect
- Exchange Server Engineer
- OCS/Lync Engineer
- GroupWise Guy
- Published Author
- Teacher

Joe Crandall
- Joined JourneyTEAM October 2017
- In IT industry for 12+ years
- Cloud Solutions Specialist
- Okta Guru
- Infrastructure Engineer: VMWare, Virtual Desktop, Firewall / Load balancing
- DevOps
- Client Engineer: Endpoint management, Operating Systems deployment, Scripting & Automation

3 The Contenders

Comparison areas:
- Single Sign-On
- Multi-Factor Authentication
- Risk-based conditional access
- Device Management
- User Life-cycle Management
- Custom App integration

The contenders are Okta, with its Universal Directory and rich application catalog, and Microsoft, the incumbent with years of experience and a kitchen-sink approach to its services.

4 SSO – Federated AuthN Pattern

5 What's Included

Microsoft
- EM+S "BUNDLES": EM+S E3 vs. E5 (platform/enterprise-mobility-security-pricing)
- Azure AD plans compared (platform/azure-active-directory-pricing)
- Azure AD App Gallery
- To bundle or not to bundle? Multiple SKUs

Okta
- Single Sign-On
- Adaptive Multi-factor Authentication
- Mobility Management
- + Lifecycle Management
- + Universal Directory
- API Access Management (OIDC)
- Okta Integration Network: thousands of applications ready for SSO integration

6 Single Sign-On: Similarities

AuthN methods
- Cloud Only Identities
- Password Hash (PWH)
- Passthrough (PTA)
- Seamless Single Sign On
- Federated: SAML, OIDC, OAuth 2, WS-Fed (Okta for O365 only)

Shared features
- Self Service PWD Reset
- Enterprise Application Catalog: Custom dev apps, Gallery apps, Custom gallery app
- Application end user portal
- Per-application user assignments
- Password Vaulting
- Dynamic Attribute based Groups
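Slide 6 lists the federated protocols both products share (SAML, OIDC, OAuth 2, WS-Fed). What they have in common from the application's side is that the IdP issues a signed assertion and the application must check it before trusting any claim in it. The added example below is not from the deck and is not either vendor's SDK; it shows the relying-party checks for an OIDC ID token: algorithm pinning, signature, issuer, audience, expiry and nonce. So that it runs offline with only the standard library it signs with HS256 and a constructed shared secret; real Okta and Azure AD tokens are RS256 and would be verified against the IdP's published JWKS keys instead. The issuer, client ID and secret are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values (not a real tenant, client or secret).
ISSUER = "https://idp.example.com/oauth2/default"
CLIENT_ID = "0oa-constructed-client-id"
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_part(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def mint_id_token(claims: dict, alg: str = "HS256", secret: bytes = SHARED_SECRET) -> str:
    """Stand-in for the IdP: produce a JWT over the given claims.
    alg="none" exists only so the validator's algorithm pinning can be exercised."""
    signing_input = f"{_encode_part({'alg': alg, 'typ': 'JWT'})}.{_encode_part(claims)}"
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def validate_id_token(token: str, expected_nonce: str, now: Optional[float] = None,
                      secret: bytes = SHARED_SECRET):
    """Relying-party side. Returns (ok, reason, claims); claims is None on failure."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token", None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed header", None
    # Pin the algorithm the RP configured; never let the token pick it (rejects alg=none).
    if header.get("alg") != "HS256":
        return False, f"unexpected alg {header.get('alg')!r}", None
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        return False, "bad signature", None
    claims = json.loads(_b64url_decode(payload_b64))
    # Only after the signature holds do the claims mean anything.
    if claims.get("iss") != ISSUER:
        return False, "wrong issuer", None
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong audience", None
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False, "expired", None
    # The nonce binds this token to the login request that asked for it (replay check).
    if claims.get("nonce") != expected_nonce:
        return False, "nonce mismatch", None
    return True, "ok", claims


if __name__ == "__main__":
    now = int(time.time())
    token = mint_id_token({"iss": ISSUER, "sub": "user-1", "aud": CLIENT_ID,
                           "iat": now, "exp": now + 300, "nonce": "n-123"})
    print(validate_id_token(token, "n-123"))
    print(validate_id_token(mint_id_token({"iss": ISSUER}, alg="none"), "n-123"))
```

The order of the checks matters: signature first, then issuer and audience, then time and nonce. Any application that accepts a gallery or custom app integration from either product is doing this work, whether in MSAL/OWIN middleware or the Okta SDKs; the value of seeing it spelled out is knowing which check catches which failure.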

7 Single Sign-On: Differences

Microsoft Azure AD
- Brandable login screen for tenant
- AAD App Proxy integration
- Azure AD Connect facilitates Sync & PTA, no 2nd agent needed

Okta
- Brandable login screens: Tenant, Per Application, Login Widget (for custom dev / hosted login page)
- User UPN authentication transformation: Multiple username formats available, Okta expression language
- Just in time provisioning
- Inbound Federation (SAML, OIDC)
- Okta Dynamic Groups support static membership

8 Multi-Factor Authentication

Microsoft
- Multiple options for MFA: Microsoft Authenticator w/ Push, SMS, Voice Call (Office or auth phone), Duo Security (preview), RSA SecurID (preview), On-Prem Microsoft MFA, Windows Hello
- Azure MFA On-Prem Server Option
- NPS RADIUS extension for AAD MFA

Okta
- Multiple options for MFA: Okta Verify w/ Push, Google Authenticator (OTP), SMS, Voice Call, Symantec VIP, RSA SecurID, Security Questions, Windows Hello (Web Authentication), U2F Security Key (FIDO 1.0) / Yubikey, Duo Security
- ADFS on-prem MFA integration Client (EA)

9 Risk-based Conditional Access

Microsoft
- Fine-grained access: By device, Location & Region, Network / named location, Per-application
- Policies are cumulative, group-specific
- Integration to SharePoint online
- Security Graph API feeding real-time user/sign-in risk (leaked creds)
- Device compliance as factor
- Custom CA Policy (preview)

Okta
- Fine-grained access: By device, Location & Region/State, Network / named locations, Per-application
- Policies are priority based, group-specific
- Configurable Lock-out settings
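Slide 9's one-line distinction (Microsoft policies are cumulative, Okta policies are priority based) is easiest to see on a concrete sign-in. The following added example is not from the deck and is a constructed model of the two evaluation styles, not either vendor's actual engine: the SignIn and Policy types, the policy names, the named locations and the catch-all default are all assumptions. Under the cumulative model every matching policy is enforced and the strictest outcome wins; under the priority model the first matching rule decides and later rules are never consulted, so a broad low-numbered rule can shadow a stricter one.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class SignIn:
    """One sign-in attempt as the policy engine sees it (constructed model)."""
    user_groups: frozenset
    app: str
    named_location: str      # e.g. "corp-net" or "internet"
    country: str
    device_compliant: bool


@dataclass(frozen=True)
class Policy:
    name: str
    priority: int                                  # used only by the priority-ordered engine
    action: str                                    # "allow", "require_mfa" or "block"
    groups: Optional[frozenset] = None             # None = any group
    apps: Optional[frozenset] = None               # None = any application
    outside_locations: Optional[frozenset] = None  # applies only when NOT at one of these locations
    countries: Optional[frozenset] = None          # applies only when the country is in this set
    require_compliant_device: bool = False         # device compliance as a grant control

    def matches(self, s: SignIn) -> bool:
        if self.groups is not None and not (self.groups & s.user_groups):
            return False
        if self.apps is not None and s.app not in self.apps:
            return False
        if self.outside_locations is not None and s.named_location in self.outside_locations:
            return False
        if self.countries is not None and s.country not in self.countries:
            return False
        return True


def evaluate_cumulative(policies: List[Policy], s: SignIn) -> Tuple[str, List[str]]:
    """Cumulative model: every matching policy is enforced; the strictest outcome wins."""
    applied = [p for p in policies if p.matches(s)]
    if any(p.action == "block" for p in applied):
        decision = "block"
    elif any(p.require_compliant_device for p in applied) and not s.device_compliant:
        decision = "block"
    elif any(p.action == "require_mfa" for p in applied):
        decision = "require_mfa"
    else:
        decision = "allow"
    return decision, [p.name for p in applied]


def evaluate_priority(policies: List[Policy], s: SignIn) -> Tuple[str, List[str]]:
    """Priority model: the first matching policy in priority order decides; later ones never run."""
    for p in sorted(policies, key=lambda p: p.priority):
        if p.matches(s):
            if p.require_compliant_device and not s.device_compliant:
                return "block", [p.name]
            return p.action, [p.name]
    return "allow", []  # assumed catch-all default when nothing matches


# Constructed policy set: a broad MFA rule, a stricter admin rule, and a device rule.
POLICIES = [
    Policy("mfa-for-sharepoint", priority=1, action="require_mfa",
           apps=frozenset({"sharepoint"})),
    Policy("admins-only-from-corp", priority=2, action="block",
           groups=frozenset({"admins"}), outside_locations=frozenset({"corp-net"})),
    Policy("compliant-device-for-hr-app", priority=3, action="allow",
           apps=frozenset({"workday"}), require_compliant_device=True),
]

# Constructed sign-ins.
ADMIN_FROM_INTERNET = SignIn(frozenset({"admins", "staff"}), "sharepoint", "internet", "US", True)
HR_UNMANAGED_DEVICE = SignIn(frozenset({"hr"}), "workday", "corp-net", "US", False)

if __name__ == "__main__":
    for label, s in (("admin from internet", ADMIN_FROM_INTERNET),
                     ("HR on unmanaged device", HR_UNMANAGED_DEVICE)):
        print(label, "| cumulative:", evaluate_cumulative(POLICIES, s),
              "| priority:", evaluate_priority(POLICIES, s))
```

Running it shows the same admin sign-in from the internet being blocked under the cumulative model but only prompted for MFA under the priority model, because the broad SharePoint MFA rule outranks the admin network rule. When reviewing priority-ordered policies, place the narrowest and strictest rules first and keep an explicit deny-by-default fallback; when reviewing cumulative policies, remember that every matching policy adds requirements, so a new broad policy tightens access for everyone it matches.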

10 Device Management

Microsoft: Full-fledged MDM solution
- iOS, Android, Windows 10
- Policies: Device lockdown & config, client setup, VPN / WiFi
- Remote Wipe / Pin Reset / unlock
- Deploy Mobile Apps
- Device trusts
- MAM (supported apps only)
- Now in new Azure portal

Okta: Emerging MDM solution
- Focused on Identity Management
- iOS, Android
- Device Trusts
- Deploy Mobile apps
- Policies: VPN / WiFi Policies, client configuration
- Remote wipe / Pin Reset / unlock

11 User Life-cycle Management

Microsoft
- Limited provisioning via AzureAD
- Limited HR-as-Master integration (Workday)
- Microsoft Identity Management (MIM) option (Get the book on MIM)
- Batch based synchronization / scheduled

Okta
- First Class integration into many cloud-based applications: Workday, Salesforce, Office365, Box, GoToMeeting
- Universal Directory: Multi Profile-Master; Attribute manipulation and transformation per-application (Okta Expression Language)
- Provision/De-provision users into many applications
- Custom Schema galore
- Near real-time engine
- User editable UD attributes via Okta Profile

12 IDaaS B2C / B2B

Microsoft
- Push for B2C: Customers' identity into a company's services; Separate Directory for B2C; Customization of login experience
- Push for B2B: Now allows cross-tenant federation to share documents in Office365; Cross-business federation for employees and identity information; AAD does not support Inbound SAML from multiple external IdPs – need ADFS

Okta
- Push for B2C: Customers' identity into a company's services; Integrated into Universal Directory; Customization of login experience
- Push for B2B: Cross-business federation for employees and identity information; Inbound SAML from multiple IdPs

13 Custom Application Integration

Microsoft
- Visual Studio integration: allows developers to create OIDC endpoints in Azure AD
- Together with Azure App Service a developer can create and deploy an application with minimal knowledge of infrastructure
- ADAL/MSAL and OWIN libraries
- Powershell
- Graph API (multiple), Graph Explorer
- Detailed documentation

Okta
- OIDC integration for newer applications
- API for Access and Authorization
- POSTman collection
- Developer.okta.com: excellent documentation for application integration
- Community Powershell access

14 Our Take on Gartner Placing

Microsoft: Vision (Broader offering)
- Azure Information Protection (AIP)
- Azure Identity Protection
- Azure AD Directory services
- Cloud App Security (CASB)
- Intune MDM / MAM: Policies, App Store, App Deployment
- Security Graph API
- Hybrid and on-prem integration: AAD Application Proxy, PingAccess
- Privileged Identity Manager (PIM)
- Desktop VDI

Okta: Execution
- Faster to deploy features: almost weekly releases, Feature Flag He!!
- Designed & built cloud-first IDaaS
- More knobs and buttons
- Better app integration
- Best of Breed 3rd Party Integrations
- Outside Microsoft Ecosystem – culturally
- Went public April 2017

15 Summary / Take Away
- Okta is simpler overall architecture
- Microsoft is more comprehensive bundle of services
- Okta is better at SSO integrations
- Microsoft has powerful Conditional access framework
- Okta is much better at User Lifecycle management
- Microsoft Exchange hybrid scenario = AAD Connect required
- Okta for more advanced/complicated service provider integrations
- Microsoft only integrations = EM+S
- Okta Vendor Neutrality
- JourneyTEAM can help you with either/both

16 THANK YOU

