Has anyone used Okta?
Ross Henderson

Publish Date: Oct 19 '18

So my company is looking at Okta to be a new solution to allow our SSO credentials to be passed on through website to website. Has anyone used this solution before?

For more details: https://www.okta.com/products/single-sign-on/

Comments 16 total

  • rhymes
    Oct 19, 2018

    I haven't used Okta yet, but one of its developers, Randall Degges @rdegges, hangs out here and wrote one of my favorite rants on this website, which is not about Okta but still might be useful in terms of authentication:

    • Esteban Hernández
      Oct 19, 2018

      tl;dr - LocalStorage is not encrypted or domain-restricted. Basically, any JS script can read your LocalStorage and compromise your authentication tokens. Use Cookies instead.

  • Jess Lee
    Oct 19, 2018

    I believe @aaronpk @dogeared have used Okta before!

  • Jeffrey Fate
    Oct 19, 2018

    My company uses it. What questions are you looking to answer?

    • Ross Henderson
      Oct 19, 2018

      Some fairly simple ones. Our IT ticketing platform, ServiceNow, uses it and I just don't feel it works as intended.

      • Does Okta work well?
      • Is implementing Okta a difficult process?
      • Were there any valid security concerns?
      • What's your personal view on it?

      Cheers!

      • Randall Degges
        Oct 20, 2018

        I work at Okta, but we use the Okta product every day at work, so I'll only comment on it as a user.

        Does it work well? Ya! It's super simple/nice. I use it to log into all of my work apps.

        Is implementing it difficult? No... Although it depends on what services you want to configure it with. Most of the work is just exchanging credentials initially. There are a lot of docs/videos/courses you can do if you want help.

        Are there any valid security concerns? The only one I can think of is that Okta is going to become a single-point-of-failure for your users. So instead of having users sign into each service directly, they'll now sign into each service through Okta. So if Okta goes down or gets hacked, the risk is larger. But that said: Okta's gone through a ton of security audits and spent a lotttt of $$$ on this sort of prevention. It's a large publicly traded company with a lot of resources.

        What's my personal view on it? I like it. I didn't know anything about Okta before working here but the service is top notch. It's going to be annoying if I ever leave Okta and have to work someplace without it. I remember at my last company we had a shared lastpass account with a million passwords in it. Half the time some service would force someone to change a password and they wouldn't update it in lastpass and then bam: shit doesn't work and it was crazy annoying.

        • Ross Henderson
          Oct 22, 2018

          Thanks for taking the time to reply, I appreciate it!

          It does sound like Okta is a great tool and I am excited for if it ever gets implemented. Enterprise-wise SSO sounds like a dream come true and this could easily become a standard SSO service for pretty much anyone.

          • Alessandro Annini
            Oct 23, 2018

            May I ask why Okta is better than Auth0, in your opinion?

  • Michiel Hendriks
    Oct 19, 2018

    I've used Okta to test, and further develop, SAML2 support for our enterprise application. From all the other services I tested (Auth0, SSOCircle) I liked Okta the most. Quite some functionality and possibilities. The best part: You can sign up for a developer account for free, without any serious limitations, and not even get harassed by their sales.

    • Ross Henderson
      Oct 22, 2018

      That's great to know! Thanks for your reply

  • Ben Halpern
    Oct 19, 2018

    Can someone give me the TL;DR on Okta?

    I'm curious but want to make sure I'm not missing the point.

    • Helen Anderson
      Oct 19, 2018

      I can't speak to the implementation side, but as an end user, I find it useful.

      It makes the apps we use more secure by putting them behind a sign on and if you give the Internal IT engineers a list of what your new starter needs it makes onboarding new people a breeze.

    • Matt Raible
      Oct 20, 2018

      I'm a developer advocate at Okta, I'll give it a whirl. The TL;DR is that a lot of companies use it to provide SSO to their employees. They log in to their Okta dashboard at company.okta.com, then they can log in to all their apps (O365, Salesforce, Concur, etc.) with a single click. It's like 1Password for the enterprise.

      We also provide "Customer Identity", which means you can use our APIs to add authn/authz to your custom-built applications. Then you can provide these apps to your customers and they can register, log in, and use your apps. You don't have to write any auth code. Our APIs support industry standards like SAML, OAuth 2.0, and OIDC.

  • Mike Simons
    Oct 21, 2018

    Okta for SSO works pretty well and their API is pretty good too.
    The OIDC implementation has me tearing my hair out though. Docs are outright misleading in places.

  • Jason Lotito
    Oct 22, 2018

    You've had most of your questions answered. One thing I want to throw out there is that Okta has CLI support as well. We use AWS and Okta, and I'm able to use my credentials from Okta when using the terminal and AWS's CLI tooling.
