Ross Henderson

Has anyone used Okta?

So my company is looking at Okta to be a new solution to allow our SSO credentials to be passed on from website to website. Has anyone used this solution before?

For more details: https://www.okta.com/products/single-sign-on/

Oldest comments (16)

rhymes

I haven't used Okta yet, but one of its developers, Randall Degges @rdegges, hangs out here and wrote one of my favorite rants on this website, which is not about Okta but still might be useful in terms of authentication:

Esteban Hernández

tl;dr - LocalStorage is not encrypted or domain-restricted. Basically, any JS script can read your LocalStorage and compromise your authentication tokens. Use Cookies instead.

Jess Lee

I believe @aaronpk @dogeared have used Okta before!

Jeffrey Fate

My company uses it. What questions are you looking to answer?

Ross Henderson

Some fairly simple ones. Our IT ticketing platform, ServiceNow, uses it and I just don't feel it works as intended.

  • Does Okta work well?
  • Is implementing Okta a difficult process?
  • Were there any valid security concerns?
  • What's your personal view on it?

Cheers!

Randall Degges

I work at Okta, but we use the Okta product every day at work, so I'll only comment on it as a user.

Does it work well? Ya! It's super simple/nice. I use it to log into all of my work apps.

Is implementing it difficult? No... Although it depends on what services you want to configure it with. Most of the work is just exchanging credentials initially. There are a lot of docs/videos/courses you can do if you want help.

Are there any valid security concerns? The only one I can think of is that Okta is going to become a single-point-of-failure for your users. So instead of having users sign into each service directly, they'll now sign into each service through Okta. So if Okta goes down or gets hacked, the risk is larger. But that said: Okta's gone through a ton of security audits and spent a lotttt of $$$ on this sort of prevention. It's a large publicly traded company with a lot of resources.

What's my personal view on it? I like it. I didn't know anything about Okta before working here but the service is top notch. It's going to be annoying if I ever leave Okta and have to work someplace without it. I remember at my last company we had a shared LastPass account with a million passwords in it. Half the time some service would force someone to change a password and they wouldn't update it in LastPass and then bam: shit doesn't work and it was crazy annoying.

Ross Henderson

Thanks for taking the time to reply, I appreciate it!

It does sound like Okta is a great tool and I am excited for if it ever gets implemented. Enterprise-wise SSO sounds like a dream come true and this could easily become a standard SSO service for pretty much anyone.

Alessandro Annini

May I ask why Okta is better than Auth0, in your opinion?

Michiel Hendriks

I've used Okta to test, and further develop, SAML2 support for our enterprise application. From all the other services I tested (Auth0, SSOCircle) I liked Okta the most. Quite some functionality and possibilities. The best part: You can sign up for a developer account for free, without any serious limitations, and not even get harassed by their sales.

Ross Henderson

That's great to know! Thanks for your reply.

Ben Halpern

Can someone give me the TL;DR on Okta?

I'm curious but want to make sure I'm not missing the point.

Helen Anderson • Edited

I can't speak to the implementation side, but as an end user, I find it useful.

It makes the apps we use more secure by putting them behind a sign on and if you give the Internal IT engineers a list of what your new starter needs it makes onboarding new people a breeze.

Matt Raible

I'm a developer advocate at Okta; I'll give it a whirl. The TL;DR is that a lot of companies use it to provide SSO to their employees. They log in to their Okta dashboard at company.okta.com, then they can log in to all their apps (O365, Salesforce, Concur, etc.) with a single click. It's like 1Password for the enterprise.

We also provide "Customer Identity", which means you can use our APIs to add authn/authz to your custom-built applications. Then you can provide these apps to your customers and they can register, log in, and use your apps. You don't have to write any auth code. Our APIs support industry standards like SAML, OAuth 2.0, and OIDC.

Mike Simons

Okta for SSO works pretty well and their API is pretty good too.
The OIDC implementation has me tearing my hair out though. Docs are outright misleading in places.

Matt Raible

Our docs are all stored in an open source project on GitHub. You can create issues about the things that are misleading and we'll get them fixed!

Jason Lotito

You've had most of your questions answered. One thing I want to throw out there is that Okta has CLI support as well. We use AWS and Okta, and I'm able to use my credentials from Okta when using the terminal and AWS's CLI tooling.