Okta Identity Governance

1. The administrative burden is light and integrating new systems is easy. 2. The end user experience has improved considerably in the past year and, while there is still some work to be done when it comes to customization & communication, the system is a lot easier to explain cross-functionally. 3. The audit process is straightforward, easy to use & setup and allows us to achieve our compliance goals much faster than before.

The most significant factor that led to the selection of Okta was its cost-effectiveness. This was an overwhelming primary driver for our organization, influenced by significant cost pressures within our industry. The existing relationship with Okta, having already been a customer using their two-factor authentication (2FA) solution, also played a role in the decision-making process. Their 2FA platform has consistently worked well for our applications over several years, providing a reliable foundation. Another positive aspect identified is the relative ease of implementation. For many of the basic identity governance functions, Okta offers a straightforward, one-to-one mapping of requirements. This simplicity in handling fundamental tasks streamlines the migration process from our previous system. Furthermore, the user interface (UI) is very straightforward, contributing to a positive user experience. This ease of use extends to their existing 2FA product as well, which is also characterized by a simple UI. While I acknowledge that a simpler UI can be a direct result of fewer features in comparison to more comprehensive IGA solutions, the current straightforwardness is a definite benefit. From a return on investment (ROI) perspective, Okta is anticipated to deliver value by covering approximately 65% of our targeted needs. This percentage, combined with the significant cost reduction achieved by transitioning to Okta, means that the product is indeed meeting our organization's expectations in terms of value delivery for the price. This aspect, particularly the cost savings, was the primary motivation for the entire transition.

1. Request Types V2 2. The introduction of delegation for managers 3. The use of delegated workflows in Request Type V1 and V2

- Communication. We find a lot of end users struggle to use some of the features because they do not understand which buttons to select and there is not a way for me to customize the verbiage. - Limiting features. Some of the product features, such as the inability for users to see what they already have or to block them from re-requesting it causes a lot of redundancy & the inability to edit rules properly are major blockers for us. - API documentation. The documentation for the API is somewhat lacking and I find myself encountering some behaviors that are not listed, which makes it difficult to work with it sometimes.

My main dislikes revolve around Okta's capabilities, particularly in comparison to more robust solutions. Okta is considered IGA Lite because it is not a full-fledged IGA solution. While ease of implementation is straightforward, it struggles in areas like complex access certifications or granular controls for governance. We will need to do some work to make Okta fit our specific needs, as these were known missing features during evaluation, and I am seeing that come true. For access reviews, it's not as robust, and it cannot handle very complex access certifications with multiple conditions across multiple identity sources. Its controls are not as granular; they tend to be broad, and anything specific needs to be custom-coded. I wish the tool had more advanced access certification capabilities, perhaps reaching a B-plus level rather than its current C-plus/B-minus level. It is also less capable of handling as many Boolean questions, which is other products sweet spot. From a customization perspective, external custom code is required for some packages, and while reimagining workflows from our previous tool to Okta is a minor inconvenience, the concern is how future vendor upgrades will impact this custom code, potentially leading to more coding or loss of functionality. Another specific pain point is the lack of capability for complex password checking, such as searching for keywords or maintaining a bad word list for passwords, which is something we need as an entertainment company. Finally, I believe Okta might be trying to get too broad and deep at the same time by moving into IGA and ISPM (Identity Security Posture Management) after acquiring companies like Sparc. They haven't fully fleshed out the ISPM function or defined a serious direction, making me wonder if the same lack of focus applies to the IGA space, considering its less feature-rich offering and unclear product roadmap.

I dislike the certification part of the tool, as it can be clunky at times with the creation, implementation, and reminders of campaigns.