Forrester Wave: Enterprise Cloud Identity and Access Management.
Traditionally, large enterprises have spent years — and millions of dollars — deploying and maintaining isolated islands of on-premises identity management software to manage access to a small number of applications that were within their datacenters, from a company-managed PC, for just their employees.
However, legacy identity management software is simply not keeping pace with the identity management challenges of today's cloud, mobile, and increasingly interconnected business world.
Okta provides an array of identity management solutions to solve your on-premises identity challenges, because we understand the complexity of on-premises infrastructure. Whether it is integration with new applications and security infrastructure or replacing existing identity management software, Okta's holistic approach ensures both a smooth transition and a future-proof solution.
Active Directory (or LDAP) is the cornerstone of most enterprise identity infrastructure. Like many legacy identity management systems, Okta can easily integrate with your directories – leveraging users and groups for authentication and authorization. Users can access any application, whether it is on-premises or in the cloud, using their Active Directory (or LDAP) credentials, and with Integrated Windows Authentication they can achieve a seamless single sign-on experience.
Okta's On-Premises Provisioning Agent extends Okta's ability to provision and deprovision users to any on-premises application or database using a standard SCIM-based interface. Enterprises can ensure access is granted to employees when they need it and automatically removed when necessary. The agent leverages the same secure, reliable architecture underlying Okta's existing directory integration agent, which reads and writes to core directories such as Active Directory and LDAP, and provides a more general-purpose way of interacting with on-premises systems beyond those two core directories.
For applications deployed behind the firewall, identity management historically involved integration with a corporate directory and a web access management solution to provide single sign-on. Okta can integrate with an existing web access management solution to handle just the cloud applications initially, or Okta can replace your web access management solution entirely.
Network gateways have typically been the boundary that governs access to resources behind a company's firewall. Virtual Private Networks (VPNs) have been deployed to manage this access. Okta integrates seamlessly with SSL-VPN solutions to complement your existing investments. Okta also provides options to easily replace or integrate with existing strong authentication solutions, such as RADIUS, and supports integration with your existing multifactor authentication vendors such as Verisign VIP or RSA. In addition, Okta allows you to protect your cloud applications by restricting access to users behind the network if needed – providing the same level of security as the rest of your on-premises applications.
Even with the adoption of more cloud applications, most enterprises are left with a "hybrid" identity management environment that is a mix of cloud and on-premises applications. Adding to the task, access to these applications is no longer restricted to desktops and browsers behind the firewall. Okta offers a phased approach to tackle your hybrid IT needs. To start, integrate Okta with your legacy on-premises identity management solution; then migrate away from legacy solutions over time and use Okta for all of your Web Access and Network Access Management needs.
By offering a phased approach, Okta allows you to seamlessly adapt your identity architecture to new cloud and web applications and then migrate off of older software solutions over time. Regardless of your pace, Okta has the right solution to guide you through the transition from legacy identity software to a modern identity management service.