Is there even a reason to use Okta SSO?<p>Every company actively decides at some point in time how employees shall log in to SaaS vendors. The typical answer for early stage companies is Google SSO, whereas later stage companies tend to switch to Okta SSO.<p>In the early SSO days Okta was the best option to get MFA and granular controls. However, nowadays Google is offering 2FA as well. It’s also often the default option with many SaaS vendors and therefore neither requires manually setting up SSO nor requires an enterprise-subscription (see [sso.tax](http://sso.tax) for reference).<p>Therefore, why do you believe people should still use Okta?<p>- Is the biggest reason to use Okta their SCIM-Provisioning, RBAC etc.?<p>- Are there any limitations in Google Workspace that only Okta solves?<p>- Or for the Google folks out there: What’s the reason you are sticking with Google SSO?
My company has been an Okta customer for several years and I'm responsible for administering it. However, I don't have experience with other SSO products, so would be interested to hear what the experience is like on the other side.<p>The key thing for me is SCIM provisioning support, but not just that. There are quite a few apps that don't support SCIM, but Okta has built integrations for them anyway using API keys, etc. I understand you can build your own via Okta workflows also, but I haven't done this.<p>We have oversight of all accounts linked to a given user, even if SSO is not supported by the service. Deprovisioning a user creates a task list of what should be manually eliminated also, which is great for our admin staff.<p>It interacts with Intune via SCEP so we can know that logins are coming from a trusted corporate device. This is mandated by some of our larger clients.<p><potential-naivety>The final thing I like is that a large part of Okta's business is their IDP software (vs their Auth0 competitor they don't use). I do like specialist businesses for something like this. The software is less likely to end up in maintenance mode if it's not one product line out of hundreds.</potential-naivety>
I don't see why anyone would ever use Google anything for a business critical use. They seem allergic to providing customer support for anything other than advertising.
Two things jump to mind:<p>* Okta has customer service people. So if there are issues, you can get help.<p>* SSO is Okta's main business, as opposed to a side hustle competing for attention with a gushing cash machine. That means they'll continue to move it forward.<p>I work for an Okta competitor, but those are the reasons that come to mind for me.<p>That said, Google is great for companies up to a certain size and Okta isn't going to be cheap. But at some point you get what you pay for.
Nothing related to Okta vs Google SSO.<p>But I think I can add my 2 cents on what people who are already using something like Okta will take into consideration before switching.<p>- Pricing: is it going to be significantly cheaper for the organisation in the long run?<p>If not, it's not worth disrupting 100s of applications for 1000s of people, not to mention the overhead of tech ops setting this up for everyone, for a few thousand dollars per year.<p>But if the cost saving is in millions or 100s of thousands of dollars? Why not... I think then they can afford to disrupt the existing flow.<p>- Bandwidth to perform this migration: do we have enough room to do this? Chances are people are already fighting with the existing burning issues.<p>- Customer support
Okta is one of those companies that just dominates their niche. They're good enough and cheap enough that it's a no-brainer. They're not going to go out of business and any SaaS that an organization might use will be supported. The upside of saving whatever handful of dollars per user you spend with Okta isn't worth the risk/hassle of switching away from what everyone else uses.
The anecdotes of Google locking out accounts make me distrust Google SSO. From memory:<p>For an alleged violation on one Google service, all the other services were disabled too.<p>For an alleged violation from one Google account, all the other accounts of the person were disabled too.<p>All accounts of a company were disabled because of one employee's alleged misdeeds.<p>I don't know whether Okta is good but my perception of all Google authentication is, and will always be, negative.
Few things:<p>- Okta is more enterprisey and complicated and works if you are a large company. It has now become one of those tools where the "no one gets fired for buying IBM" analogy can be applied. CIOs can justify Okta much faster than Google Workspace.<p>- Google Workspace is simpler but may lack some granular controls that Okta provides.<p>You got it right. Smaller companies are good enough with Google Workspace nowadays but larger ones need the "enterprise" stamp.
You want to enforce some more controls when you access critical things, such as AWS, you can't with Google. It has no granular controls. Otherwise it's much easier. We use JumpCloud though, it's a mix between and more comprehensible.
Honestly the reason we went with Okta is because many vendors seem to support it and have help articles specifically for how to integrate with Okta vs just OIDC/SAML or general SCIM.