Just something one of my colleagues had written up and thought was interesting to share. I don't take credit for it, nor full responsibility for its accuracy. Feel free to rebut.

Features | Microsoft Azure B2C | Okta Identity Cloud |
---|---|---|
Ability to protect other applications' APIs using OpenID Connect and the OAuth protocol/framework | Yes | Yes |
API based enrolment | Yes, but can't register a phone number that will be used as an MFA factor. The reason this can't be done is an OpenID Connect restriction over the impersonation principle. This feature might come in 2019. | Yes. But Okta user management is not yet OAuth/OpenID Connect compliant |
Federated SSO based on SAML and OpenID Connect | Yes | Yes |
Force Password Change | No (not out of the box but can be done through customisation) | Yes |
Identity Lifecycle Approvals (both for self-enrolment and API-triggered enrolment) | No | Yes (very suitable for Okta to act as external identity onboarding tool) |
MFA Factors | OTP over SMS and Voice Call (Officially). Microsoft App (Separate commercials, professional service engagement and not out of the box at the moment. Official support is expected in 2019) | OTP over SMS & Voice Call, Okta Verify Mobile App TOTP and Push Notification, Security Questions, FIDO U2F, RSA SecurID, FIDO2 Microsoft Hello (very good range of MFA options - a major strength) |
Non federated SSO | No (it's designed not to be) | Yes (a major strength) |
Notification templates customisations (SMS and Email) | Only Email | Both Email and SMS |
Password Recovery | Yes (only SMS/Voice Call/Email OTP as Identity Proofing methods) | Yes (all MFA factors can be identity proofing methods) |
Programming support for customisation | C#. (JavaScript support is expected in 2019) | C#, Java, JavaScript (a major strength) |
Risk Scoring and Step-up MFA (Adaptive/Contextual) | No | No. The Okta Threat Insight product is in beta phase now. It is to be integrated with the Okta Identity Platform in 2019. Currently Okta Identity Cloud supports a tightly coupled MFA policy when it comes to IP/network zones, blacklisted countries, region/location, devices etc. |
Self-activation of credential, such as setting a password after being enrolled through an API | No (a major drawback) | Yes |
Syncing from on-premise AD | Yes | Yes |
User Interface Customisation and support of CORS (cross-origin resource sharing) | Yes (but requires Custom Sign On policies for flexibility) and a separate Azure Blob storage subscription. | Yes. Very flexible to host custom pages in Okta Identity Cloud tenant and also for pages hosted in remote servers. |
User management API compliant with OpenID Connect and OAuth | Yes (major strength on security here) | No (Proprietary protocol at the moment. Quite surprising) |
User to Application access mapping | No | Yes (pretty good on security here) |
Web based self-enrolment and activation | Yes | Yes |