Just something one of my colleagues had written up and thought was interesting to share. I don’t take credit for it, nor full responsibility for its accuracy. Feel free to rebut.
Features | Microsoft Azure B2C | Okta Identity Cloud |
---|---|---|
Ability to protect other applications' APIs using the OpenID Connect and OAuth protocol/framework | Yes | Yes |
API based enrolment | Yes, but it can't register a phone number to be used as an MFA factor. This is not possible because of an OpenID Connect restriction around the impersonation principle. This feature might come in 2019. | Yes. But Okta user management is not yet OAuth/OpenID Connect compliant |
Federated SSO based on SAML and OpenID Connect | Yes | Yes |
Force Password Change | No (not out of the box but can be done through customisation) | Yes |
Identity Lifecycle Approvals (both for self-enrolment and API-triggered enrolment) | No | Yes (very suitable for Okta to act as external identity onboarding tool) |
MFA Factors | OTP over SMS and Voice Call (Officially). Microsoft App (Separate commercials, professional service engagement and not out of the box at the moment. Official support is expected in 2019) | OTP over SMS & Voice Call, Okta Verify Mobile App TOTP and Push Notification, Security Questions, FIDO U2F, RSA SecurID, FIDO2 Microsoft Hello (very good range of MFA options - a major strength) |
Non federated SSO | No (It's designed as not to be) | Yes (a major strength) |
Notification templates customisations (SMS and Email) | only Email | Both Email and SMS |
Password Recovery | Yes (only SMS/Voice Call/Email OTP as Identity Proofing methods) | Yes (all MFA factors can be identity proofing methods) |
Programming support for customisation | C#. (JavaScript support is expected in 2019) | C#, Java, JavaScript (a major strength) |
Risk Scoring and Step-up MFA (Adaptive/Contextual) | No | No. The Okta Threat Insight product is in beta phase now. It is to be integrated with Okta Identity Platform in 2019. Currently Okta Identity Cloud supports a tightly coupled MFA policy when it comes to IP/network zones, blacklisted countries, region/location, devices etc. |
Self-activation of credential such as setting a password post enrolled through an API | No (a major drawback) | Yes |
Syncing from on-premise AD | Yes | Yes |
User Interface Customisation and support of CORS (cross origin resource sharing) | Yes (but requires Custom Sign On policies for flexibility and a separate Azure Blob storage subscription). | Yes. Very flexible to host custom pages in Okta Identity Cloud tenant and also for pages hosted in remote servers. |
User management API compliant with OpenID Connect and OAuth | Yes (major strength on security here) | No (Proprietary protocol at the moment. Quite surprising) |
User to Application access mapping | No | Yes (pretty good on security here) |
Web based self-enrolment and activation | Yes | Yes |
Can this comparison matrix be updated to reflect announcements from Ignite 2019?
Hi Brent.. Haven’t been able to catch up with Ignite 2019 updates. Didn’t write the original comparison table. If you have the info, please feel free to email me and I can update the article!!!
Appreciate you visiting my site 🙂