| ▲ | theoldgreybeard 7 hours ago |
| You couldn't pay me a billion dollars to use Okta. |
|
| ▲ | pphysch 7 hours ago | parent | next [-] |
| Sadly many people will spend a million dollars to use Okta for their 10,000 logins/day (read: <1 tps) instead of running their own Keycloak or Authentik or whatever. OIDC is not scary, and advanced central authorization features (beyond group memberships) are a big ole YAGNI / complexity trap. |
|
| ▲ | p_ing 6 hours ago | parent | next [-] |
| Running your own local AuthN/AuthZ is more than just 'install it on a box in the closet'. I don't blame anyone for letting one of the giants do this on their behalf -- they have the expertise, though I agree I wouldn't touch Okta. |
|
| ▲ | kondro 2 hours ago | parent | next [-] |
| Running your own AuthN/AuthZ with an off-the-shelf OSS is very straight-forward (as a SaaS product at least) and isn't any more burdensome from a security perspective than what you're already doing for your core service. This isn't email. |
|
| ▲ | p_ing 2 hours ago | parent [-] |
| Running Active Directory is as easy as it gets. Protecting the Golden Ticket is not. |
|
| ▲ | pphysch 6 hours ago | parent | prev [-] |
| For your average enterprise it really is that simple. Register some IDPs. Connect a backend. Add some clients over time. Yes, you need someone to wear the IAM admin hat. But once you get it configured and running it requires 0.1 FTE or less (likely identical to whatever your Okta admin would be). Not worth 6+ figures a year and exposure to Okta breach risk. |
|
| ▲ | p_ing 3 hours ago | parent [-] |
| No, it isn't "simple". Protecting your IdP is critical and not easy. Yes, creating a SAML integration is easy, but that's only one piece of the puzzle. |
|
| ▲ | pphysch 2 hours ago | parent | next [-] |
| Paying Azure a little bit to run an AD instance for you, IF you need to run your own IDP (a big if), is not a bad play and does not prevent you from saving lots of money by not using a dubious product like Okta. |
|
| ▲ | 2 hours ago | parent | prev [-] |
| [deleted] |
|
| ▲ | trollbridge 7 hours ago | parent | prev [-] |
| The workload to run Authentik locally is about identical to the workload to set up and configure Okta. (Or you could just find someone who will host Authentik for you, if deploying a container is too hard for you.) |
|
| ▲ | mrcwinn 7 hours ago | parent | prev [-] |
| You just literally saved me one billion dollars. The offer was incoming! |