Comparison: Microsoft Azure B2C vs Okta Identity Cloud

Just something one of my colleagues had written up and thought was interesting to share. I don’t take credit for it nor full responsibility of accuracy of it. Feel free to rebuttal.

FeaturesMicrosoft Azure B2COkta Identity Cloud
Ability to protect other application's API using OpenID Connect and OUATH protocol/frameworkYesYes
API based enrolmentYes but can't register a phone number that will be used as a MFA factor. The reason being not able to do this is because of OpenID Connect restriction over impersonation principle. This feature might come in 2019.Yes. But Okta user management is not yet OAUTH/OpenID Connect compliant
Federated SSO based on SAML and OpenID ConnectYesYes
Force Password ChangeNo (not out of the box but can be done through customisation)Yes
Identity Lifecycle Approvals (both for self-enrolment, API triggerred enrolment)NoYes (very suitable for Okta to act as external identity onboarding tool)
MFA FactorsOTP over SMS and Voice Call (Officially). Microsoft App (Separate commercials, professional service engagement and not out of the box at the moment. Official support is expected in 2019)OTP over SMS & Voice Call, Octa Verify Mobile App TOTP and Push Notification, Security Questions, Fido U2F, RSA SecurID, FIDO2 Microsoft Hello (very good range of MFA options - a major strength)
Non federated SSONo (It's designed as not to be)Yes (a major strength)
Notification templates customisations (SMS and Email)only EmailBoth Email and SMS
Password RecoveryYes (only SMS/Voice Call/Email OTP as Identity Proofing methods)Yes (all MFA factors can be identity proofing methods)
Programming support for customisationC#. (Java Script support is expected in 2019)C#, Java, Java Script (a major strength)
Risk Scoring and Step-up MFA (Adaptive/Contextual)NoNo. Okta Threat Insight product is in beta phase now. They would be integrating with Okta Identity Platform in 2019. Currently Okta Identity Cloud support a tightly coupled MFA policy when it comes to IP/network zones, black listed countries, region/location, devices etc.
Self-activation of credential such as setting a password post enrolled through an APINo (a major drawback)Yes
Syncing from on-premise ADYesYes
User Interface Customisation and support of CORS (cross origin resource sharing)Yes (But require Custom Sign On policies for flexibility) and a separate Azure Blob storage subscription.Yes. Very flexible to host custom pages in Okta Identity Cloud tenant and also for pages hosted in remote servers.
User management API compliant with OpenID Connect and OAUTHYes (major strength on security here)No (Proprietary protocol at the moment. Quite surprising)
User to Application access mappingNoYes (pretty good on security here)
Web based self-enrolment and activationYesYes

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.