On 2013-12-19 at 14:24 -0500, Peter Grace wrote: > we're investigating some SSO apps that will help us keep everything keyed > off of our Active Directory setup. > > I'm kicking the tires on Okta which is what I understand to be a major > contender in this space but I'm curious to see if anyone else uses their > service and what their experience is like. > > If not Okta, what cloud SSO providers have you considered or used, any > thoughts on the other options in the space?
A couple of different ecosystems with two competitors at the heart of them, give you some options: My understanding is that Microsoft's Azure ADFS is able to sync from on-premises ADFS and pretty much act as a bridge for public SSO with web apps; this is a managed service (SaaS), not you running ADFS inside Azure yourself. I also understand that they're currently pricing this as "free", as a service to existing customers to keep them happy with ADFS internally, but with premium offerings you can pay for. If your main requirement is Google Auth, or apps which accept Google Auth, then Google Apps supports talking to ADFS as a Relying Party. http://www.huggill.com/2012/01/12/setting-up-google-apps-single-sign-on-sso-with-adfs-2-0-and-a-custom-sts-such-as-identityserver/ Salesforce also have integration, if your base of relying apps are more in the CRM family. TBH, the circles I move in these days, identity providers which are commonly accepted are Facebook then Twitter then either Google or GitHub, in that order; so if catering to people like me, with ADFS as the source, I'd point to Google integration. But (1) I'm not typical and (2) you don't necessarily need to pick just one external identity provider, as long as the management overheads for each one are minimal and your internal directory remains the single source of truth. -Phil _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
