Running your own local AuthN/AuthZ is more than just 'install it on a box in the closet'. I don't blame anyone for letting one of the giants do this on their behalf -- they have the expertise, though I agree I wouldn't touch Okta.

▲

kondro 2 hours ago | parent | next [-]

Running your own AuthN/AuthZ with an off-the-shelf OSS is very straight-forward (as a SaaS product at least) and isn't any more burdensome from a security perspective than what you're already doing for your core service.

This isn't email.

	▲	p_ing 2 hours ago \| parent [-]
		Running Active Directory is as easy as it gets. Protecting the Golden Ticket is not.

▲

pphysch 6 hours ago | parent | prev [-]

For your average enterprise it really is that simple. Register some IDPs. Connect a backend. Add some clients over time.

Yes, you need someone to wear the IAM admin hat. But once you get it configured and running it requires 0.1 FTE or less (likely identical to whatever your Okta admin would be). Not worth 6+ figures a year and exposure to Okta breach risk.

▲

p_ing 3 hours ago | parent [-]

No, it isn't "simple". Protecting your IdP is critical and not easy.

Yes, creating a SAML integration is easy, but that's only one piece of the puzzle.

	▲	pphysch 2 hours ago \| parent \| next [-]
		Paying Azure a little bit to run an AD instance for you, IF you need to run your own IDP (a big if), is not a bad play and does not prevent you from saving lots of money by not using a dubious product like Okta.
	▲	2 hours ago \| parent \| prev [-]
		[deleted]