Identity and access management tools are essential to protect business data and IP, and saw massive uptake in 2020. Despite the wide adoption, there is little room for niche players, and several large and long-standing vendors dominate the UK market: primarily Microsoft, but RSA, Google, AWS, Oracle and Okta are also significant players. Although the two products are quite different on the surface, many IT leaders end up comparing Microsoft’s Active Directory to Okta’s Workforce Identity.
As part of Computing Delta’s ongoing research into Microsoft vs Okta – and other such services – our research team has been asking senior IT professionals about their preferences to help you answer the question…
Which identity and access management tool should I choose?
Computing Delta’s analysis of this market, with interviews with more than 300 senior IT leaders who have used these services, is available to Delta subscribers; click here if you do not have access but would like to see the full report in a demo. More information, including comparisons with other vendors, is available in the Identity and Access Management Report. If you are looking to make an identity and access management platform comparison, this article provides a brief summary of the market leaders, Microsoft vs Okta.
What’s the difference between Microsoft Active Directory and Okta Workforce Identity?
- Deployment: Microsoft IAM has on-premises, hybrid and cloud-based versions (Azure Active Directory); Okta also operates on-prem and in the cloud, but is not tied to a single cloud supplier.
- Ease of use: IT leaders say Microsoft Active Directory is easier to use than Okta Workforce Identity.
- Pricing: Most Windows enterprise licenses include a free, basic version of Active Directory; Okta does not have a free version.
- Integrations: Active Directory integrates with thousands of common business apps and all Windows services, but Okta is platform-agnostic and able to run in a variety of environments.
Microsoft vs Okta – the background
Microsoft vs Okta is a difficult comparison to make, as the products operate very differently. This highlights a common issue in the space: a result of the vagueness of the term ‘identity and access management’.
At a very basic level, ‘identity and access management’ refers to the policies, processes and systems that bind users or a system to a set of permissions in the network – but that covers many different components. As a result, users refer to many different firms – from those that produce single components to providers of the full end-to-end technology stack – using the same label.
Microsoft Active Directory is available on-prem, as a hybrid deployment and in the cloud (Azure Active Directory). It uses a directory called the data store, which contains information about objects on the network, including servers, user accounts and other physical resources. Although not a traditional identity and access management tool, Active Directory includes common features such as single sign-on (SSO), multi-factor authentication, privileged access management and identity governance.
Okta has two products, known as Workforce Identity and Customer Identity, and refers to both together as the Identity Cloud. Our report focuses on Workforce Identity, as Customer Identity is aimed at developers.
Workforce Identity is a full identity and access management suite. It is cloud-based and vendor-agnostic, so customers enjoy flexibility in their choice of providers for other services. It covers all the standard tools such as single sign-on, multi-factor authentication and user lifecycle management. Additional functions include API protection and the ability to extend Workforce Identity to on-premises apps.
Identity management and coronavirus
The massive shift to remote work in 2020 put identity and access management in the spotlight. More than two-thirds of Delta respondents said these tools became more important in the pandemic, and many have had to re-evaluate existing deployments – or look at changing their supplier altogether.
Okta put in a lot of work in 2020 to appeal to firms shifting to remote work. For example, it has highlighted Workforce Identity’s ability to unify both cloud and on-prem apps into a single portal, and its focus on user security rather than defending a perimeter. These changes, and the related marketing push, have seen Okta grow strongly this year.
Microsoft, being an established cloud giant, has massive mindshare among UK IT leaders: more than twice as many respondents were aware of its identity and access management product compared to Okta’s. That said, the change in awareness around Okta has been strong compared to our previous report, rising from sub-30 per cent to nearly half of respondents.
Trialling saw a similar rise: just eight per cent of respondents had tested Workforce Identity in 2019, versus 14 per cent in 2020. Microsoft’s trialling figure also rose, but not as much as Okta’s – and, notably, Okta’s trialling rate was higher than any other firm aside from AWS, which only beat it by one per cent. Workforce Identity also had a higher rate of adoption than any other product aside from Active Directory.
While business tools like ERP, HR and unified communications are moving to the cloud, cybersecurity – including identity management – is slightly different. Security systems are often deployed in the same environment as the one they are protecting, so having an on-premises version is important for some users – hence why Microsoft still develops products for on-premises deployments, and Okta integrates with on-prem apps.
A Global Head of Infrastructure and Operations in the manufacturing sector said: “I think you typically would choose a solution that fits with your architecture, so if you are moving towards a cloud strategy then you will try to find a solution that is going to fit with the enterprise architecture that you have around that.”
Both tools have a place: Active Directory is a user- and device management solution with popular components like single sign-on, while Workforce Identity focuses on user experience and compatibility with multiple vendors and apps.
Customers often use two or more identity and access management products to get best-in-breed functionality across their technology stack. They may use Active Directory for device management and Workforce Identity for users, for example.
While respondents to our survey said they would prefer to use a single solution, more than two-thirds used more than one. A CIO in higher education told us: “Ideally you would have one, but I don’t think that’s possible, because I think you end up needing to bolt together different components. And therefore, even if you do have one, the one that you have will itself be an assemblage of different components.”
Microsoft vs Okta – at a glance
| Vendor | Strengths | Weaknesses |
|---|---|---|
| Microsoft | Tight integrations with Microsoft ecosystem | Out-of-the-box solution provides only basic security and requires customisation |
| | Clear pricing and licensing options | Actual prices are high and inflexible |
| Okta | Seamless user experience | Complex authentication methods and set-up |
| | “Industry-leading” integrations make single sign-on easy | Users report high hidden costs |
Microsoft vs Okta – pricing
Microsoft Active Directory is free for users of Microsoft Azure/Office 365. However, users can pay more to access additional functionality.
Azure Active Directory has four versions: Free, Office 365 apps edition, Premium P1 and Premium P2. The Free edition is included with an Azure subscription, and the Office 365 version with an Office 365 subscription (E1, E3, E5 or F3).
The Free edition manages up to 500,000 objects and single sign-on for 10 apps, and includes identity and access management standards like password management and multi-factor authentication. The O365 apps edition adds group access management, password reset for cloud users, SLAs and two-way synchronisation between on-prem and cloud directories.
Premium P1 includes additional functionality, including access to Microsoft Cloud App Discovery and application proxy; it also enables hybrid users to access both on-prem and cloud capabilities. Premium P2 includes more advanced identity protection features, such as privileged identity management. Pricing starts at £4.47 per user per month for Premium P1, and £6.71 per user per month for Premium P2.
Customers praised Okta for the clarity of its Workforce Identity pricing model. Each tool has an individual per-user per-month price, allowing for extreme modularity. The minimum annual contract is $1,500 (local pricing is only available on request), but volume discounts are available.
Each tool has ‘Standard’ and ‘Adaptive’ versions, which include expanded functionality like contextual access management for SSO and an on-prem provisioning SDK for Lifecycle Management.
| API Access Management | $2 | N/A |
| Advanced Server Access | $15 per server per month (starting) | N/A |
The Microsoft vs Okta question can be either very clear-cut or extremely murky. Many users will already have access to some form of Active Directory by dint of their Microsoft license(s), and this may be enough for their needs. Otherwise, they may need to go through a license upgrade or switch to a different supplier, like Okta. This is a popular approach, and many firms use more than one vendor for best-in-breed solutions.
In the full research, find out what the major trends are in UK identity and access management; where the major vendors are going next; and how UK IT leaders use their IAM tools in anger.
For more information on Microsoft IAM versus RSA IAM – including interviews, case studies and data on how all three companies performed in our study – contact Delta today.